Have a Question? Call 440.974.2900

How cyber-attacks have affected small to medium size businesses in 2022

As we look back on 2022, it’s clear that the cyber attacks continue to pose a significant threat to small to medium size businesses (SMB’s). In fact, a report by the National Cyber Security Alliance found that 60% of SMB’s that experienced a cyber attack went out of business within six months.

Here are some ways that cyber-attacks affected SMBs in 2022:

1. Increased frequency of attacks

Cyber attacks on SMB’s continued to increase in frequency in 2022. This was due in part to the rise of ransomware-as-a-service (RaaS) platforms, which make it easier for hackers to launch attacks. According to a report by SonicWall, there were over 300 million ransomware attacks in 2022, a 62% increase over the previous year.

2. More sophisticated attacks

In addition to being more frequent, cyber attacks on SMBs also became more sophisticated in 2022. Hackers began using more advanced tactics, such as spear phishing, which involves targeting specific individuals within a company with highly personalized emails or messages. These attacks are often difficult to detect and can be very effective at stealing sensitive data.

3. Increased costs

The costs of cyber attacks continued to rise in 2022, with SMBs bearing a significant portion of these costs. According to a report by IBM, the average cost of a data breach for an SMB was $2.5 million in 2022. This includes the costs of remediation, lost business and reputational damage.

4. Regulatory compliance

SMBs also faced increased pressure to comply with regulatory requirements related to cybersecurity. In 2022, the California Consumer Privacy Act (CCPA) went into effect, requiring companies to provide consumers with more control over their personal data.

What can SMBs do to protect themselves against cyber attacks in 2023? We discussed some in a previous blog, but will recap again:

1. Educate employees

Employees are often the weakest link in a company’s cybersecurity defenses. SMBs should provide regular training to employees on how to identify and avoid common cyber threats like phishing attacks.

2. Implement Multi-factor Authentication

Multi-factor Authentication, which requires uses to provide two or more forms of identification to access a system or application, is a simple yet effective way to improve cybersecurity.

3. Back up data regularly

Regularly backing up data to an offsite location can help minimize the impact of a ransomware attack or other data breach.

4. Partner with a reputable provider

SMBs should consider partnering with a cybersecurity partner that specializes in working with small businesses. A partner can help identify and address potential vulnerabilities and provide ongoing monitoring and support.

Cyber attacks will continue to be a threat to SMBs in 2023 and beyond. However, by taking proactive steps to improve their cybersecurity, SMBs can reduce their risk and protect their sensitive data. The cost of prevention is far lower than the cost of remediation and reputational damage that can result from a cyber-attack. As the old saying goes “An ounce of prevention is worth a pound of cure”.

Tiered versus All inclusive contracts with your MSP partner

Tiered managed service providers offer a variety of services that can be tailored to your specific needs. This means that you can select the services that you feel you need and for them on a pay-as-you-go basis or a monthly set fee for that platform. This can be beneficial for businesses that have limited budgets, smaller scale needs or have specific requirements that may not be covered under an all-inclusive plan.

On the other hand, all-inclusive managed service providers provide all of the services you need in one package. This can be much more cost-effective for businesses that can benefit from the comprehensive service.

While selecting a provider and choosing between the two platforms, speak to your sales representative, understand the difference between the two, look at the contract or agreement and make sure there are no hidden fees- especially if your provider is only providing remote maintenance versus on-site. On-site hourly work rates can be very costly and can result in spending more money than if they chose an all-inclusive program.

When it comes to customer support, it’s important to consider how both types of providers handle customer issues. Tiered providers typically offer customer support on a pay-as-you-go basis with limited time per month and calling into a general help desk center. This means you will be charged for the services you use, which again can become very costly to the business. Additionally, be aware in tiered services of availability for customer support. Do they have limited hours and response times?

All-inclusive providers offer more comprehensive customer support, as they typically have dedicated teams that are available beyond normal working hours. This can be beneficial for businesses that need constant customer support, such as those that operate in global markets or run three shifts that may require technical assistance. Additionally, all-inclusive providers have a team of technicians that know your business infrastructure and will not have to repeat your issues to multiple technicians to get the problem resolved.

Finally, it is important to consider the cost of both types of managed service providers. Tiered providers generally appear more cost-effective, as you can select your service needs with lower monthly reoccurring costs- but additional billing and more time auditing. All-inclusive can offer more comprehensive coverage and generally will be more expensive on a monthly basis- but with complete coverage and budget simplicity. Ultimately, the true costs of a provider should be carefully considered as well as reputation, both client and staff tenure, and business stability/longevity; you want to make sure your company is safe and secure at all times.

Why companies should be using Multi-factor Authentication (MFA)

Why companies should be using Multi-factor Authentication (MFA)

Multi-factor Authentication has become increasingly important for companies as cyber threats and data breached are on the rise. MFA provides an extra layer of security by requiring users to provide two or more forms of authentication before accessing sensitive information or systems. In this blog, we will be discussing why companies should be using MFA to secure their data and systems.

First and foremost, MFA helps to prevent unauthorized access to sensitive information and systems. Passwords are often the first line of defense for companies, but they can be easily compromised through methods such as phishing attacks or social engineering. MFA adds an additional layer of security by requiring users to provide a second form of authentication, such as a fingerprint, security token or a code sent to your mobile device. This makes it much more difficult for attackers to gain access

Another reason why companies should be using MFA is to comply with regulations and industry standards. Many industries have specific regulations that require companies to implement MFA for their systems and data, such as HIPAA, NIST & CMMC. By using MFA, companies can ensure they are complying with these regulations and standards, as well as possibly lowering their cybersecurity premiums.

MFA also helps to reduce the risk of data breaches. Data breaches can be incredibly damaging to a company’s reputation, not to mention the financial losses that can result from the theft of information. Even if an attacker is able to obtain a user’s password, they still need to provide the second form of authentication.

With MFA, only authorized users are able to access information and the additional layer of authentication makes it much more difficult for unauthorized users.

Finally, MFA can also help to improve the overall security posture of a company. By requiring users to provide two or more forms of authentication, companies can ensure that only authorized users are able to access information and systems. Additionally, companies can demonstrate to their customers and stakeholders that they are committed to protecting sensitive information and systems, which can help improve trust and confidence in the company.