Remote working increases cyber risk for small businesses
The pandemic has changed the way we do business in many ways. One of the most remarkable changes – and one that may become permanent for many businesses – is remote working. While this has been an advantage for many firms that were able to continue to generate revenue even while workers had to stay at home, it’s had its downside too.
Remote work and cyber vulnerability
The drastic increase in remote working due to the pandemic has come hand in hand with an increase in cyber incidents. The Hiscox Cyber Readiness Report 2021 found that the percentage of remote workers at small businesses more than quadrupled – from 14% to 63% – since the pandemic began. At the same time, cyber attacks are increasing, both in number and in cost. In the past 12 months, small businesses, defined as those with fewer than 250 employees, have averaged five cyber attacks with an average total cost to the business of $25,612.
Here’s what you need to know about this increased risk, and how to protect your business.
The increase in cyber attacks since more people have been working from home is not a coincidence. Most people’s home computer systems do not have the same level of security as a business system, and more information has to be exchanged outside of a business’s network when staff are working from home. The pandemic has also put additional pressures on many businesses, leaving them little bandwidth to focus on cyber security issues.
Remote work is not the only change businesses have made. Some of the other changes small businesses have made due to the pandemic may also have impacted their vulnerability to cyber attacks, according to the Hiscox Cyber Readiness Report 2021. Here are some examples:
• 40% of small businesses reduced their operational costs, with some of those cuts likely coming in the area of cyber security
• 36% paused hiring, possibly leaving critical technology positions unfilled
• 26% increased their use of collaboration technologies like virtual meeting software and project or team management systems
• 23% expanded online payments, collecting more sensitive customer data than before.
Each of these changes individually increases a company’s risk of being hacked. Taken together, they may present a significant threat.
How criminals get your data
The most common first point of entry for cyber criminals was corporate-owned servers (34%) and corporate cloud servicers (also 34%). Once hackers gained access to corporate servers, the most common outcome for small businesses was IT resource misuse, such as using IT infrastructure to mine cryptocurrency, as happened in one-third of cases.
Business are trying to keep up with their partners’ demands too
In addition to concerns about their own vulnerability to cyber attacks, small businesses are feeling pressure to comply with the requirements their business partners have for security. In fact, 20% of small businesses said complying with the security requirements of partners was their most critical priority over the next 12 months. Slightly fewer (18%) said their top priority was addressing existing threats and vulnerabilities.
Hackers are taking advantage of the pandemic
Cyber criminals have always been opportunistic, and, for them, the pandemic is another – very lucrative - opportunity.
“Small business is big business for cyber criminals, and that’s only been exacerbated during the pandemic. An unprecedented surge in employees working remotely has created more vulnerabilities in businesses’ networks,” said Meghan Hannes, Cyber Product Head for Hiscox in the US.
“Small businesses have had a difficult time in the past year, but it’s essential to keep on top of cyber security. Cyber criminals are voracious in adapting and mutating their viruses, and continuous education and preparation serves as our digital face mask.”
What you can do to protect your business
Take a three-step approach to protecting your business against cyber incidents.
1. Prevent an attack from happening in the first place.
Hold your remote workers to the same standard you apply to those who are (or were) in the office. This means providing appropriate security no matter where the work takes place. Make sure all your employees know how to identify a phishing email and whom to contact if they suspect a breach. Hiscox cyber security insurance includes Hiscox CyberClear Academy, an online suite of training modules designed to reduce the risk of cyber incidents.
2. Detect an attack early.
The earlier you realize that something is wrong, the quicker you can act to contain the damage. Having the right resources to call on – and calling on them – is critical.
3. Mitigate the impact on your bottom line.
If you use computers, collect customer data or use electronic payments, you should have cyber security insurance. The cost of insurance is far less than the cost of a single breach, and its value goes well beyond that. Hiscox cyber security insurance includes breach response resources that will help you get back to business fast.
Get a quote for Hiscox cyber security insurance today.