The rapidly expanding Internet of Things (IoT) and a desire for a satisfactory work-life balance have brought about the age of the home-based worker. Being able to work remotely or run a small business from the comfort of your own home offers greater flexibility and potentially lower overheads. On the flip side of that, however, cyber-attacks are on the rise and having a sufficient cybersecurity strategy in place is more important than ever, for businesses great and small.
It’s easy to assume that only large-scale, high-profile businesses are at risk of cyber-attacks, as they are the only ones that ever make the headlines: a recent survey of SMB owners backs this up as it revealed that 57% believe it’s unlikely they will ever be targeted by cybercriminals.
How an attack could affect a business
Unfortunately, no business is immune from a cyber-attack, and research shows that attacks on small businesses have actually been increasing: according to the Verizon Data Breach Investigations Report, 58% of breaches hit smaller businesses last year, an increase of 5% in just 12 months.
There’s also evidence to suggest that smaller businesses are less able to recover after an attack. Research by the National Cyber Security Alliance found that nearly two-thirds of small businesses, such as freelancers or home-based operations, go out of business within six months of a cyber-attack.
One reason for this is that they are less likely to have the financial capital or sufficient resources to deal with the aftermath of a hacking incident or the reputational damage caused.
For example, in the event of a cyber-attack a home-based business may need to fund the following:
- Replacing affected hardware and software
- Loss of earnings due to being out of operation during recovery (it’s also important to consider a reduction in sales/demand due to reputational damage)
- Hiring professional support, such as an IT security expert and a lawyer to oversee a business’ recovery process
- Legal fees, should a customer sue if their data is compromised
- Repairing reputational damage, such as increased marketing costs and extra staff to provide additional customer support
When the potential costs associated with recovering from a cyber-attack are broken down, it’s a wonder that any business survives afterwards.
What to look out for
One of the most common hacking methods is the phishing email, which appears to be from a legitimate source but contains malware designed to gain unauthorized access to a business’ (and its customers’) private data. It is therefore important to be able to tell a phishing email apart from genuine communication. If in doubt, simply don’t open the email or click on any links without checking in with an expert first.
Due to the mobile nature of most modern business devices, homeworkers are free to work from a variety of locations. In a recent survey conducted by Spiceworks, 61% of organizations surveyed said their employees connect company devices to public Wi-Fi networks when out and about or working outside of the office.
Whilst it might seem harmless to catch up on emails during a long train journey or whilst working from a local coffee house for a change of scenery, connecting to unsecured Wi-Fi networks puts a device at risk of a ‘man in the middle’ cyber-attack, which poses a serious threat to data privacy.
Other poor practices that will leave a business vulnerable to cybercrime include:
- Predictable passwords or passwords that are used across several platforms
- Insufficient protection from malware and computer viruses
- Storing information in folders that are not secured by a password or encryption
- Connecting to non-secure public Wi-Fi networks, where connections can be intercepted
- Misplacing a device such as a laptop or phone containing sensitive data
Protecting a home-business from a cyber-attack
Unfortunately, no matter how well-prepared a business is, it can never be 100% safe from a cyber-attack. And when working from a comfortable home-office it is easy to become either blasé or negligent about the threats posed from outside.
However, there are several measures that can be put in place to minimize the risks to the business and client or customer data.
The first step is understanding what makes a business vulnerable. Staying up to date with the latest developments in cyber protection means being aware of any changes or areas where security is vulnerable to an attack and needs to be improved. It also means keeping informed of, and investing in, new anti-virus software and updates. For non-techie home business owners, this might mean investing in the expertise of someone outside of the company itself who is up to speed on the latest scams and solutions.
Human errors, such as disposing of devices without first wiping the data, opening phishing emails, and not storing sensitive data in encrypted folders on devices are all common mistakes that make a business an easy win for a cyber-attacker. Go that extra mile to ensure shortcuts aren’t taken and mistakes aren’t made.
Using a combination of letters, numbers and symbols will make passwords harder for a hacker to decipher. Whilst it can sometimes be a real headache trying to remember the catalogue of passwords accumulated across all online accounts, SMBs must resist the temptation to use the same password across several or all accounts. This will only make it easier for any opportunists to gain unauthorized access to a system.
Cyber liability insurance
Last, but by no means least, obtaining a cyber insurance policy is the final hurdle in ensuring a home-based business has maximum protection. Cyber liability insurance doesn’t just cover the time and costs involved in recovering from a cyber-attack – it also helps get a business back up and running as quickly as possible. With so much at stake, it’s perhaps surprising to learn that fewer than one in ten small business owners have a cyber liability policy in place.
What to do if you fall victim to a cyber-attack
It’s important to know exactly what to do in the event of an attack, and to act fast to minimize any fallout or threat to client information and to the business itself. However, in the immediate aftermath, it can be hard to think straight and formulate a useful recovery plan. Therefore, this is something that all SMBs should plan ahead for.
The plan should include investigating how the breach occurred; taking affected systems offline; contacting an IT firm if the SMB doesn’t have technical know-how; potentially informing affected groups such as customers, suppliers and regulators; and finally making a decision about whether legal and marketing advice is required.
Business as usual?
A business that can’t ‘do business’ will be facing a loss in profits as well as recovery costs and in the meantime, the client base may turn to alternative providers and potentially not return. If this is the case, it’s important to provide regular updates to maintain some sort of relationship.
No-one likes being just another statistic but many SMBs are vulnerable to becoming just that – because they aren’t doing enough to protect their business from the increasing threat of cybercrime. It could well be you next.