As everyone knows, cybercrime looms larger now than ever before — not just personally but for businesses, too. Such high-profile companies as Sony, Adobe, Equifax, Marriott International, and Yahoo! have learned this excruciating lesson firsthand. Traditionally, it was only big companies like these that were the target of cybercriminals and hackers. But now, thanks to some of the more insidious effects of COVID-19 — like an exponentially increased need for videoconferencing and a literally overnight switch to remote data exchange and work sessions — companies large and small must face the sober reality that cybercrime is an existential threat. In fact, according to a 2019 CNBC report, 43% of cyberattacks are aimed at small businesses, with an average damage cost of $200,000, while Security magazine reported last February that 60% of small businesses could “go out of business due to damages associated with a cyberattack.”
Robert Cioffi, COO and cofounder of Progressive Computing, in Yonkers, agrees. “Small and midsize businesses have historically remained below the radar when it comes to cybersecurity threats — but now that’s changed,” he says. “Hackers are focusing on them like never before.”
Cioffi, who launched Progressive Computing in ’93, went on to say that infiltrating large corporations has become more difficult in recent years, as such companies have the deep pockets to bolster their IT infrastructures. This has forced hackers to redirect their energy to less protected entities, like small businesses. Yet, paradoxically, it is the comparatively modest budgets of smaller businesses that make a formidable cybersecurity infrastructure even more vital, as they are less well-equipped to absorb the financial loss that cyberattacks often inflict.
Additionally, says Cioffi, the coronavirus has ripped open portals of vulnerability that hadn’t existed before. “If I’ve got a house with one door, I really only have to secure that door. But now, the house got a lot bigger, so there are a lot of windows and doors to get in,” he says, referring to what his industry calls the “attack surface area.” Hackers exploit these areas by expanding their target pool to include not just entities at the corporate level but also their employees.
The good news, says Cioffi, is that small businesses don’t have to spend themselves into chapter 11 in order to muscle up their cybersecurity. “Rome wasn’t built in a day, and if yours is a million-dollar-a-year business, you don’t need to spend six figures on cybersecurity.” He recommends getting an experienced, trusted advisor as a first step, then doing a risk assessment to expose the “low-hanging fruit,” meaning areas of most critical vulnerability.
Lastly, says Cioffi, businessowners should keep a close eye on their social media habits. “Your social media footprint reveals a lot about who you are, what your likes and dislikes are. It gives a lot of psychological information about how to potentially breach you, so be mindful of what you are putting out there.”