Did you know that small practices are more likely to be targeted by cybercriminals than any other practice or organisation? It’s true! While we hear about major breaches on the news, we don’t get to hear the stories of the practices that struggle with hacking attempts and cyber-attacks.
Hackers love to go after small practices for one very big reason: small practices are less likely to invest in top-notch (or even worthwhile) cyber security. Hackers love this vulnerability.
According to the Verizon 2019 Data Breach Investigations Report, 43% of cyber-attacks hit small practices. The reason comes down to many factors, but there are two in particular that hackers really dig into when going after targets: lack of resources and lack of knowledge. Of course, there’s more to this story, as hackers also look at a practice’s customer base and the type of data the firm shares online.
A lot of small firms are also relying more on the cloud (and this is the trend moving forward), but they do little to secure either their connection to cloud storage or the cloud storage itself. According to Symantec, a lot of practices that rely on the cloud also fail to use strong encryption software. They just upload their data to the cloud and leave it at that.
Hackers attack small practices because they want money. They go after targets they can profit from, whether by holding a practice’s data hostage and demanding a ransom, or by stealing customer data and either selling it on the dark web or black market or using it themselves. And ransoms do get paid: hackers got $460,000 from Lake City, Florida, officials after a ransomware attack on government computers, and that wasn’t the only Florida city to pay!
The Verizon report also looked at the types of firms that are targeted. The top three are:
- Public administration (23,399 reported incidents and 330 confirmed data disclosures)
- Information services (1,094 reported incidents and 155 confirmed data disclosures)
- Financial and insurance (927 reported incidents and 207 confirmed data disclosures)
They go after these types of practices because this is where they can make their money – and it’s where they’ve discovered the most vulnerability. However, while these types of practices represent the top three, there are many more. Every type of firm is targeted. Some practices make it past the attack unscathed, but many don’t. Their data is compromised in one way or another.
Why are small practices targeted so much? It’s a numbers game. Hackers know most small practices lack good cyber security. This makes these practices easier targets. Target enough of them, and you’re going to make some serious money (from selling stolen data or paid ransoms).
So, what can you do about this? How can you protect your network? First and foremost, you have to realise YOU are a target. It doesn’t matter if you’ve never been hacked before. It just means the hackers haven’t gotten to you yet. Once you realise this, you can go to work and get your practice ready for the eventual attack.
This is where a risk assessment can do a lot of good. You may already have some security measures in place, but do you know how effective those measures are? You need to know where your holes are so you can plug them and then reinforce them. You don’t want just a wall around your practice; you want an entire ocean.
But it doesn’t end there. One of the most powerful tools against hackers and cybercriminals is knowledge. Next to securing your practice, the best thing you can do is train your employees to understand cyber security and the threats that exist to harm the practice they work for. Your team MUST know how to identify phishing schemes, fraudulent websites and virus scams, and then stay regularly updated on the threats out there. (And don’t forget to use complex passwords, locked away in a password vault or manager, to add another layer of security.)
On top of this, work with an IT team that knows what they’re doing. It’s one thing to tackle this all by yourself, as many practices do, but it’s another to work with an experienced IT security firm. If you go it alone, you might miss something or you might not fully understand the security you have in place. Having an outsourced team of pros means you’re one step ahead of the hackers.