If you own or run a small to medium professional services firm, your firm is a target for hackers. According to a report by 4iQ, a cyber security analyst firm, from 2017 to 2019, there was a 424% increase in the number of attacks on small to medium firms.

At the same time, a survey by The Manifest, a business analyst firm, found that 64% of small to medium firms intended to put more time and money into their IT security in 2020. Many practice managers, partners and directors also noted an increase in attacks against their firms and websites and were ready to do more to protect themselves.

Cybercriminals love to go after small to medium firms. Since small businesses make up 98% of all employers in Australia, you can see why it makes sense. Hackers know that attacking small to medium firms can be worth the time and effort because they will eventually find one they can extort or steal from.

It all comes down to cyber security. If you have inferior network security (or none at all), you’re a prize for hackers. They have all kinds of tools at their disposal to get what they want. If you’re not careful, and if you haven’t invested in good network security, you may quickly find yourself becoming a victim of those tools.

Some of the hacker tools are much sneakier than many people realise. Here are two major examples.

Phishing Scams

Hackers know one of the easiest ways to break into a network is to bypass practical security altogether. Instead, they go after the human element. They send e-mails to unsuspecting recipients, counting on the high likelihood that those recipients will open the e-mail and follow the false instructions.

The criminal may include an attachment. When clicked, the attachment installs malware on the victim’s computer. The malware might look for private information, like financial numbers or personal information, or it may lock the computer down until the victim pays an exorbitant sum.

The criminal may include a link to another website. Phishing e-mails can look like legitimate messages from well-known companies, such as Australia Post, Dropbox or Amazon. These e-mails often tell you that your account has been compromised, a phrase that is designed to scare victims into clicking the link and providing their personal information to protect the account. Put that information in, and you hand it over to the criminal. This is why employee cyber security training is a must!

Password Exploits

Many people don’t realise how dangerous it is to reuse the same username and/or password for everything – or to never update their passwords. It’s very likely that at least one of your active passwords has fallen into the hands of hackers. They may have gotten it years ago from a website that doesn’t exist anymore. But if you are still using that same username and password for other websites and accounts, you are putting yourself at risk.

According to Trace Security, nearly 80% of all data breaches are the result of simple or reused passwords. Some of the most popular passwords today include things like “12345,” “password” and “qwerty.” Even worse, many firms use passwords like these to protect sensitive data such as banking information and customer records. If a password is old or easily guessed, it offers nearly the same protection as no password at all! Change your passwords at least every 60-90 days and use different but secure passwords for everything.
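The three checks from the paragraph above (common passwords, reuse across accounts, and age beyond 90 days), run over a password-manager export, as an added example that is not part of the original article. The CSV column layout, the sample rows and the `audit` function are assumptions constructed for illustration.

```python
import csv, hashlib, hmac, io, secrets
from collections import defaultdict
from datetime import date

# Constructed sample export; the column layout is hypothetical.
SAMPLE_EXPORT = """account,username,password,last_changed
bank,pat@example.com,qwerty,2020-01-10
payroll,pat@example.com,T7#vq9!LmZ2pX,2019-06-01
webmail,pat@example.com,T7#vq9!LmZ2pX,2020-02-20
crm,pat@example.com,k3Y$w8Rb@1nQe,2020-02-25
"""

COMMON = {"12345", "password", "qwerty"}  # the three examples named in the article
MAX_AGE_DAYS = 90                         # upper end of the 60-90 day window

def audit(export_text, today):
    """Return {account: [issues]} for accounts with at least one issue."""
    # Per-run random key: reuse is detected by comparing keyed fingerprints,
    # so no plaintext password needs to be stored alongside the findings.
    key = secrets.token_bytes(32)
    by_fingerprint = defaultdict(list)
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        account, password = row["account"], row["password"]
        if password.lower() in COMMON:          # case-insensitive denylist match
            findings[account].add("common")
        age = (today - date.fromisoformat(row["last_changed"])).days
        if age > MAX_AGE_DAYS:
            findings[account].add("stale")
        fp = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        by_fingerprint[fp].append(account)
    # Any fingerprint shared by two or more accounts is a reused password.
    for accounts in by_fingerprint.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].add("reused")
    return {a: sorted(issues) for a, issues in findings.items()}

if __name__ == "__main__":
    for account, issues in sorted(audit(SAMPLE_EXPORT, date(2020, 3, 1)).items()):
        print(account, ", ".join(issues))
```

Accounts with no issues are left out of the result, so an empty result means every entry passed all three checks.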

The great news is that it’s easier than ever to protect your firm from things like phishing scams, data breaches and so much more. Just because you haven’t had any major problems for years, or at all, doesn’t mean you should assume nothing will happen in the future. You might also think that you simply don’t have the time or resources for good security.

The even better news is that you don’t need to spend a lot of time or money to secure your firm against hackers and cybercriminals. All you really need to do is partner with an IT services firm that knows cyber security inside out.

When you work with a dedicated IT security company, they take care of you. They can monitor your network 24/7 and make sure the bad guys don’t get in. They can make sure your data is backed up to a secured server so that if anything does go wrong, you don’t lose a beat. They can even provide you with round-the-clock support should you have any questions or concerns. It’s a surprisingly easy and cost-effective way to protect your firm and to put the cybercriminals in their place.