Cybercrime Impact on SMBs
The Cost of Cybercrime on Small to Medium Business
Criminals looking to steal data or disrupt commerce don’t only target large corporations. For cybercriminals, small and medium-sized businesses (SMBs) are just as attractive a target as corporate and government entities.
SMBs make up a large proportion of all modern economies. This makes them a lucrative and often vulnerable target for cybercriminals, because many SMBs do not take cyber threats seriously. But as many have found out to their sorrow, cybercrime is an unfortunate side effect of the information age we live in.
Crime committed through the Internet falls into two broad categories: information theft and digital vandalism. Hackers seek financial records, proprietary information, intellectual property, customer data and transaction records. Once stolen, this information is either used to steal funds directly from the SMB or its customers, or sold to other criminals.
Phishing is an extremely common form of information theft that tricks a user into revealing sensitive information such as passwords or credit card numbers by masquerading as a trusted entity. Digital vandalism includes denial of service attacks, viruses or other types of malware intended to disrupt a business.
For a small to medium enterprise, theft of customer information can paralyse operations or, worse, put a company out of business. A single incident that damages a firm's reputation or compromises the integrity of its online payment gateway could result in unrecoverable losses. For many SMBs, such costs can be fatal. While the precise costs of a cyberattack differ based on an SMB's size and other factors, there are generally five areas where an SMB is impacted when cybercrime strikes.
Revenue Impact
A cyber security breach may result in an SMB being forced to cease digital, web or electronic operations. An online retailer subjected to a DoS (or DDoS) attack could be shut down for days or weeks while it tries to ascertain the attack's origin and takes the necessary steps to restore services.
A data breach where customer credit card information is stolen could cause a similar lockdown. A total loss of revenue for several days or longer is the likely outcome.
Damage to reputation
Another cost that's difficult to quantify is reputation damage after an attack.
Consider an online retailer that relies heavily on a website with an integrated payment gateway. If that site is compromised or infected with malicious links, it may become quarantined or ‘sin binned’ for a period by search engines. During a quarantine, the site is virtually unavailable to potential new customers.
Even when the website is restored, it could take months for the retailer’s reputation to recover. That's on top of the revenue loss and the damage to goodwill among customers impacted by the attack.
Loss of company assets
Bank account numbers, passwords and personal information stolen during a breach may lead to theft of account funds. SMBs should never assume that banks or insurers will cover such losses the way consumer credit card companies do. Stolen funds are usually unrecoverable and lead to an SMB losing working capital.
Proprietary information, which may include blueprints, product designs, customer records, company strategies, growth plans and employee records, may be either compromised or stolen outright. Such assets may have incalculable value to a business, so their theft can lead to crippling losses.
Litigation
If an SMB has failed to implement reasonable protection measures prior to a cyberattack, it can be sued by customers whose information has been stolen. In the worst-case scenario, if customers are financially impacted due to what may be perceived as negligence on the part of the SMB, the SMB can be taken to the cleaners, legally speaking. That’s a double-whammy. It’s unlikely, but it has happened and sadly probably will again, simply because there are still too many SMBs who don’t take the threat of cybercrime seriously.
Protection costs: prevention is always better than cure!
There’s one expense of cybercrime that can either stop or at least reduce the cost of all the others: prevention. Businesses of all sizes need to implement strategies to protect against cybercrime. Even the smallest business should have strong passwords for all business systems and an annual subscription to reputable Anti-Virus software for work-related PCs, laptops and other devices.
Managed Service Providers (MSPs) employed by small to medium businesses should ensure ports are blocked, firewalls are secure, and network, cloud and OS infrastructure is regularly patched.
If an SMB’s staff have systems access and accounts, they must use multi-factor authentication and, where possible, single sign-on.
Just as important as all the above, or possibly more so, is cybersecurity awareness training for all staff. No amount of technology can stop a staff member giving up secure information to a hacker. Employees must be trained to recognise such threats.
The biggest risk is inaction
The biggest risk facing SMBs is inaction. Ignoring the threat of cybercrime won’t make it disappear. Taking measures against cybercrime in today’s world is just as important as the locks on a store's front door.
Failure to put protective measures in place is equivalent to leaving the front door wide open with a key in the safe. By educating staff about cybersecurity risks, putting in place multi-factor authentication and strong password policies, and being vigilant at all times, SMBs can fight off the threat of cybercrime.
Contact Cyberlorian for more information about how you can improve your cybersecurity.
Raph Tripp has worked in a variety of roles including IT management, Operations, project management, PMO and as both systems and business analyst. Since 2000 he has worked in a range of industries including gaming, hospitality, managed services, NFP and education.