One of the key business takeaways from the pandemic is that companies must do a far better job of protecting themselves from cybersecurity threats. In 2020, when employees were forced to work from home, more than 37 billion records were stolen in data breaches, a 141 percent increase over the year before, according to Risk Based Security. And it’s getting worse. The Identity Theft Research Center found that 2021 data compromises were up 68 percent compared to 2020. 

While breaches happen to companies of all sizes, many entrepreneurs work from home, leaving critical company and employee data much easier for hackers to steal. Indeed, security firm Coveware found that more than 40 percent of all ransomware attacks - which is when hackers hold a computer hostage until a fee is paid - in the third quarter of 2021 happened to small businesses with fewer than 100 employees, while 43.6 percent were focused on medium-sized companies with between 101 and 1,000 employees.

Eric Cole, founder of Secure Anchor, an Ashburn, Virginia-based cybersecurity company, says that while threat actors are taking advantage of poorly protected at-home networks and loose cybersecurity policies, the hacking industry has also evolved during the pandemic. It used to be that one person would try to steal as many records as they could from a large company. Now, hacking companies with teams of people are being created to steal millions of records from a larger number of smaller businesses.

“Cybercrime is being commercialized and what that’s done is it’s lowered the bar,” he says.

“Now hackers are saying, ‘Why should I go after a Fortune 500 company that might take 12 months to break into when I can go after small and medium-sized businesses that have sloppy measures in place? If I can get $100,000 worth of records from 50,000 companies, then that adds up quickly.’” 

As more businesses head back to the office and business activity increases, small and midsize businesses (SMBs) must make sure they’re protecting themselves from emerging threats. How? Here are some ideas.

Turn on two-factor authentication

One of the best ways to prevent an attack is through two-factor authentication, which is when a user has to enter two passwords, usually the one they set and also a code that gets texted to them. If a hacker can guess the first password, they usually can’t figure out the second, which changes every time a person logs in. However, businesses must turn on this function for their clientele, which is something many forget or don’t want to do. “The cloud providers will give you two-factor authentication, but they don't think the consumer base is going to tolerate the inconvenience out of the gate. So, all those features are turned off by default,” says Cole. “Small businesses must turn these features on and yes, it might be an inconvenience, but the ultimate inconvenience is going out of business.”

Use two devices

Cole’s own research has found that 97 percent of data breaches are against local computers, devices and servers - not servers stored in the cloud. Almost all these attacks were caused by people clicking on attachments, embedded links in emails, or surfing to inappropriate websites. It’s for that reason that Cole suggests that people use two devices at work - one for doing their work, such as report writing and data analysis - and one for emails and web-surfing. That way, if you click on a bad link, the hacker can’t get at any mission-critical information. Cole also says to use an Apple device for email, as they’re much less susceptible to attacks.

Watch out for texts, calls and letters

More attacks are also happening by phone, text and even letters, especially since people started working from home, says Cole. For instance, hackers are paying people in call centers $10 an hour to pretend they’re from the Internal Revenue Service (IRS) and demand money from unsuspecting individuals. They’re also sending texts and even snail mail letters that seem as if they’re coming from legitimate organizations. As more people learn that the IRS will not contact taxpayers by email, hackers are turning to the postal service. “They look like they’re from the IRS, but when you call the number listed, it’s a scam,” Cole says. 

Hackers are becoming more sophisticated all the time, which means more threats will continue to emerge, especially in a post-pandemic hybrid work environment where people are moving between their offices and homes. Other than using technological tools to protect a business, owners must ensure their staff are aware of what data is vulnerable, how to handle information properly and how to identify a virus-laden link. “The good news is that if you have a little bit of awareness and you’re running basic security, you can stop and prevent most of these attacks,” Cole says.
