It’s that time of year again!

With Black Friday, Cyber Monday, and Christmas right around the corner, businesses are eagerly awaiting the flood of customers motivated by the holiday spirit. While this certainly presents opportunities for small to medium-sized businesses (SMBs), it also poses a serious question that all business owners must ask themselves...

Is my SMB secure this holiday season?

Last year, Cyber Monday alone grossed an incredible $9.4 billion, a 19% increase from 2018. Smaller retailers who were well positioned for this trend reaped the benefits in 2019, seeing a 337% increase in sales during the holiday season. As shoppers increasingly gravitate towards digital spending, online sales via smartphones grew 46%. These online sales numbers will likely be shattered this year due to the COVID-19 pandemic.

This is supported by a recent survey which found that 74% of consumers plan to shop online, not in stores, during the week of Thanksgiving due to COVID anxiety. These numbers are up from 62% a year earlier.

Because of the shift towards digital spending, this season also presents a massive opportunity for hackers who prey on the vulnerabilities and missteps of small businesses. In 2019, hackers stole a staggering $4 billion from businesses, up from $1.7 billion in 2018. The frequency of these attacks is also increasing annually, with a cybersecurity attack taking place every 39 seconds. More than 60% of small businesses reported they weren’t confident in their ability to survive a single breach. 

The reality is, most small business owners are unaware that their businesses are just one email or click away from massive financial loss. Some of the most common attack methods utilized by hackers include phishing, whaling, Distributed Denial of Service (DDoS) attacks, malware, and ransomware. With 300,000 new malware being created every day and new types of viruses being developed that bypass basic firewalls and defenses, it is more critical now than ever for businesses to protect their hard work and take command of their cybersecurity.

“But don’t cyber breaches only happen to the top companies with billions of dollars worth of data?” The answer to this common misconception is, unfortunately, no. The high profile cases we see on the news involving large companies like Uber and Adobe simply overshadow where the bulk of cyberattacks happen. In 2019, 58% of cyber attack victims were small businesses, with this number only expected to rise due to the boom in pandemic fueled e-commerce. These smaller companies offer much cushier, softer targets for hackers due to their lack of robust cybersecurity and understanding of the threat. Furthermore, these attacks hurt smaller businesses disproportionately more, with 60% of small businesses permanently closing after suspending operations due to a breach. These breaches are silent killers.In fact, the average breach goes undetected for 206 days. 

Take the story of small business owner Rick Snow reported in the WSJ, for example. For years Rick ran a highly successful mannequin company in Brooklyn with around 100 employees. Years of hard work all came crashing down in a mere 24 hours when the company lost more than $1.2 million due to a malicious cyber attack. Rick only realized a potential problem when the head of finances got error messages while logging in to the company’s bank account. Upon investigation, an IT team determined that the hacker had scraped the company’s banking info through a sophisticated virus that had gone completely undetected by the company’s new antivirus program. Luckily, Rick managed to recover much of the money within a couple of days, but $200,000 remained permanently lost. 

This goes back to the previous question, how confident are you in your business’s ability to defend itself or withstand a cybersecurity threat?

The bottom line is, if you can’t answer “very confident” to this question, you are likely leaving your business exposed to cyber threats. The good news is, like any threat facing a business, it can be mitigated through awareness, understanding, and taking necessary action. Here at Zeguro, it is our mission to make sure scrooge hackers don’t ruin your holidays. 

Here is our action plan on how to keep your business safe during the holiday season:

1. Make sure your passwords are strong and unique. Regularly update them in case they’ve been compromised, and use multi-factor authentication. Account takeover and credential stuffing attempts, during which bots attempt to login to your accounts with stolen credentials, were found to reach their peak right before Black Friday.
2. Educate your employees on security best practices. Phishing is an ever-present threat but holiday deals make for savory campaigns.
3. Scan your website and web applications for security weaknesses, especially if you’re an online retailer or SaaS provider expecting increased web traffic during the holidays. 
4. Keep all software and hardware updated. Patches to known vulnerabilities are often released with updates.
5. Make sure to have an incident response plan, so your employees know what to do if a cyber attack does occur. 
6. Get comprehensive cyber insurance. Should your security measures fail, cyber insurance provides a safety net that reduces your business’s financial burden in the event of a cyber attack. 

‍