By Karl Bateson, Director, Global Communications, Acronis
When it comes to cyberattacks, small and medium businesses (SMBs) are among the most appealing and frequently targeted organizations, with cybercriminals drawn to their lax security and lower profile. These cyberattacks can cost thousands if not millions in damages, with ransomware being one of the most aggressive and commonly used forms of digital extortion. To protect yourself against these attacks and continue as unscathed as possible in event of one, it’s important to know the most common security vulnerabilities of SMBs and how to avoid them.
A lack of cybersecurity awareness is one of the biggest vulnerabilities I see across organizations everywhere, regardless of scale. It’s not enough to try to keep your backdoor completely secure, as cyberattacks are using increasingly nefarious and undetected methods to target businesses. Social engineering, misinformation, phishing attacks, scam calls and fake websites are just a few of the ways attackers can strike. Over 90% of successful cyberattacks involve a mistake or breach through social engineering, which can easily be mitigated with proper and frequent employee training and refreshing.
Weak cybersecurity policies are also one of the most significant vulnerabilities SMBs experience, with weak, easy-to-guess passwords foiling the efforts of otherwise effective safety measures. A modern computer only takes around an hour to break an eight-character password with uppercase and lowercase letters, numbers and symbols. Short passwords or passwords with only numbers and letters are even less secure, with computers able to instantly guess such combinations.
SMBs frequently run on outdated software, creating holes in their security and inviting attackers to target known vulnerabilities. Regularly updating your software is one of the best ways to keep your business or organization secure. Outdated software is susceptible to well-known vulnerabilities due to a lack of security updates, which would keep your software and hardware protected against the latest exploits. Keep all systems with software connected to the internet to regularly receive these updates and keep your infrastructure fresh.
Another common vulnerability in SMBs is lacking physical security policies. Wi-Fi networks, for one, are frequently accessible to attackers due to weak and easy-to-discover passwords. Unlocked computers also leave your company open to compromises, as anyone who walks into your office — contractors, vendors, etc. — can access valuable and confidential information.
Finally, but perhaps one of the most consequential vulnerabilities is a lack of secured cloud services. Many SMBs fail to fully secure their cloud services by re-using passwords and forgoing two-factor authentication, which makes it easy for criminals to penetrate infrastructure. Even using a single account for multiple employees creates an opportunity for an attacker to obtain credentials and access data stored in the cloud. And social media accounts can enable intruders to exploit employees’ personal information and attack them with social engineering techniques.
Patching all of these vulnerabilities may seem like a headache, but the amount of money and time these changes will save you is worth any hassle. Keeping your employees up to date on active cybersecurity policies and using stronger passwords alone could potentially save your business from a devastating attack. If you stay on top of security, your resilience alone can outpace that of your competitors and pay off for years to come.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.