Small businesses are among the most skeptical of adopting cloud technology to manage their finances. Recent research from Software Advice found that most SMEs prefer in-house payroll systems, for example, for fear that crucial financial details and employee information will be stolen if payroll is moved to the cloud.
But as the Software-as-a-Service market expands, and as technology companies promote the cost-saving benefits of cloud services, SMEs face more pressure than ever to adopt cloud services to manage their cash flow – and to recognize that their security fears are overblown.
New research from Symantec, however, suggests that small business owners might be right about their cyber threat anxieties.
An Unlikely Target
According to Symantec’s latest Internet Security Threat Report, SMEs may assume that because they are small and relatively anonymous, they fly under the radar of hackers, who instead target big conglomerates in hopes of big yields.
“Being small and relatively anonymous is no protection,” Symantec researchers concluded. “In fact, attacks in 2014 confirm that determined attackers often attack a target company’s supply chain as a way of outflanking its security.”
These attacks are increasingly geared specifically toward small businesses. About 60 percent of all targeted cyber attacks that occurred in 2014 hit small- and medium-sized businesses. The percentage of spear-phishing attacks that hit small firms, for example, rose in 2014 to 34 percent (up from 30 percent the year prior). Spear-phishing, in which a hacker sends an email from a familiar and seemingly friendly account to access data like bank account and credit card numbers, is just one of dozens of techniques used by cybercriminals to access private data.
The attacks are becoming more sophisticated and responsive to market fluctuations, too. Symantec highlighted how the rise in the Internet of Things and the influx of mobile devices in the workplace means cybercriminals are increasingly gearing their attacks for the mobile device.
While data theft can occur in any business, regardless of size, Symantec concluded that small businesses are at a disadvantage when it comes to security. “These organizations often have fewer resources to invest in security,” the report concluded, “and many are still not adopting the basic practices like blocking executable files and screen saver email attachments.”
Not only can data breaches affect small businesses’ corporate partners, it is costly for everyone.
What SMEs Can Do
Symantec’s conclusions that many small businesses are not only targeted by cyberthieves, but are also unprepared to deal with these threats, raises a major issue for SMEs looking to bring their banking to the cloud.
But electronic banking offers a slew of benefits, from faster invoicing and payments between corporate buyers and their suppliers, to insurmountable visibility into cash flow – key to the survival of a small business, especially. So should SMEs give up these benefits in the name of cybersecurity?
Not a chance. Symantec partnered with the Better Business Bureau along with Visa, NACHA and Kroll’s Fraud Solutions to piece together what businesses can – and should – do to secure their financial data when they adopt electronic and cloud-based banking solutions.
Key to avoiding security issues is for small business owners not to take a “wait-and-see” approach, the team found. Credit reports should be checked regularly and connected to fraud alerts.
In a recent article, the BBB’s Mechele Agbayani expanded on the financial practices small businesses should adopt to protect themselves. Updating virus protection software and implementing a “dual control” payment process is crucial, she said.
“One employee will authorize the creation of the payment file and a second employee will be responsible for authorizing the release of the file,” Agbayani explained. “This process should be in place regardless of the type of payment being initiated, including checks, wire transfers, fund transfers, payroll files, ACH payments, etc.”
And small businesses should choose their financial services partners wisely, working only with those that provide multi-factor authentication measures to set up and access financial accounts.
Small business financial security is no easy feat. Business owners have to balance robust security measures with limited resources. Plus, thanks to technological advancements, Symantec says that the traditional perimeters of a business are blurred – corporate use of a mobile device and the cloud mean the boundaries of a corporation expand far beyond the office walls.
But with cyberthieves increasingly targeting small businesses, the research suggests that cybersecurity should be a paramount priority for business owners.