Cybersecurity is too expensive; Besides, cybercrime only happens to big businesses. Right? Not quite. Greg Brainard, founder and CEO of Braintek, one of Houston's most successful IT support and managed IT services companies, warns, "Small to medium businesses think they aren't worth a cybercriminal's time. It's been said more than once, and there is a reason for that – if you're an SMB, it's not a matter of if you suffer a cyber-attack but when."

A large percentage of cyber-attacks happen to small businesses, mainly because they aren't prepared to defend themselves. Small businesses that ignore cybersecurity do so at their own risk, according to Verizon's 2022 Data Breach Investigations Report. In fact, 43% of data breaches involve small business victims. What's more, cybercriminals use quite a few methods to gain access to your internal data.

Phishing is a popular method for hackers to get to your personal information. They do this by sending a legitimate-looking email to your inbox. It may resemble an authentic address, and the logos are familiar, but beware. Once you click on the link included in the email and type in your username and password, you've just given the bad guys access to your account.

Cybercriminals can also buy your credentials on the dark web. "They use your information and hack into your LinkedIn or other social media accounts," Greg notes. "A huge mistake many people make is they use either the same password or variations of the same password across multiple accounts. This makes it so easy for the cybercriminal to do their hacking."

Why do hackers hack email? "They want to get to a business's owner, CEO or CFO," Greg explains. "They want to go to the person handling the finances."

Once they're in, the hackers find ways to redirect a company's invoices and have the vendor pay them directly. Often, the business never even sees the invoice, so they are unaware it was sent in the first place. "Eventually, you get to a point where you notice your vendor hasn't paid, and you reach out to ask why," notes Greg. "The vendor, of course, tell you they did pay [the hacker] and have satisfied their debt. This creates so many problems for the hacked business."

Another common technique is the hacker will send an email seemingly from an in-house employee asking to change financial arrangements. Always follow up with that person to confirm it was coming from them.

Greg offers 5 cybersecurity protections that will save your business:

  1. Email Protection: Our Anti-Spam solution scans every email file and attachment for malware and ransomware before it reaches the inbox. It is a solution that will prevent malicious emails, phishing and files from reaching the inbox. "It's not 100 percent foolproof, but it's pretty close," Greg says of the technology he installs for his customers.
  2. Two-factor authentication — also known as '2FA' or 'MFA' – offers an extra layer of protection that can make all the difference. 2FA helps protect your accounts by requiring a level of identity verification beyond basic login credentials.
  3. Create different unique passwords across multiple accounts. "You make it so easy for the hacker to get into your private accounts if you use the same username and password combination," Greg notes. "There are apps, Password Managers, that will store your multiple passwords, so you won't have to remember each one."
  4. Managed Detection and Response (MDR) is a monitoring service for your mailbox and workstation. MDR scans your online activity and looks for unusual user methods that indicate hacker activity. It also examines from where they're logging in. "If it's not a place that's familiar to the system, we receive an alert," Greg says.
  5. Regular security awareness training Make cyber security an integral part of your company culture. Getting your team on the same cyber security page is essential to keeping your systems safe from attacks. Security awareness training should be an important part of your culture. "At Braintek, we prioritize education with our clients," says Greg. "We offer training, videos for spotting and recognizing threats, and we do phishing simulation tests; we send out monthly two-minute-read emails with little quizzes. It helps keep the possible threats REAL. "We know cybercriminals are working overtime to steal data from SMBs. That's why we offer a full range of cyber security protections for every budget. It starts with a security risk assessment from Braintek," Greg adds.

The assessment is offered at no extra cost and no obligation, Greg says. Moreover, the thorough evaluation provides crucial information, even if you don't sign up with the company. According to Greg, the review includes sending out a link that runs on multiple computers, simulating a phishing attempt. From there, the team conducts a noninvasive, confidential investigation of a computer's network and security protocols. Once the scans are completed, Braintek conducts a one-hour meeting to review a Report of Finding.

You have nothing to lose and everything to gain. You've worked years to get where you are today. Don't allow cyber criminals to get away with taking that from you. And certainly don't "hope" your IT guy has you covered. Get the facts and ensure you and your business is protected.