Small business owners: protecting your business against cybercrime is now more important than ever.

In 2015, the U.S. Director of National Intelligence ranked cybercrime as the No. 1 security threat in the country. Despite popular belief, cyber criminals actually prefer small businesses simply because they are easier to infiltrate.

As technology advances, cybercrime tactics used to steal your business’ sensitive data will advance as well. Payroll outsourcing company Paychex cites that over 70 percent of cyber attacks specifically target SMBs.

Let’s take a look at four crucial cyber threats that could impact your business’ data security in 2016.

Data Breaches
Businesses feel the effects of data breaches through financial losses and loss of customer trust. The number of data breaches that have occurred in 2016 – 725 – is on track to surpass last year’s total count of 781. Recovery from a SMB data breach can cost between $36,000 and $50,000, which can be especially devastating to smaller companies.

Firewalls are put in place to block criminals attempting to hack into your business’ network. However, malicious software that is mistakenly downloaded by employees is often the culprit behind data breaches. Employee error and accidental email/Internet exposure caused nearly 30 percent of all data breaches in 2015.

Malware
Malware is most often introduced to a company’s secure network via phishing emails sent to employees. Symantec noted that the number of spear phishing attacks targeted at employees working for small businesses increased by 55 percent in 2015. Knowing that only 7.9 percent of a SMB’s budget on average goes toward the business’ security, hackers are much more likely to launch cyber attacks against small businesses that have weaker security systems.

Network Vulnerabilities
Unauthorized access to your business’ network via a security flaw can be damaging to your company. Hackers take advantage of security flaws within your business’ software because they act as back doors into your network. According to the Cloud Service Alliance, 75 percent of all cyber attacks target known vulnerabilities.

The Shellshock bug continues to pose a significant threat to a wide range of businesses, accounting for 13 percent of all retail cyber attacks in 2015. Shellshock is particularly threatening to businesses because it affects commonly used server operating systems such as Linux or Unix. In fact, over 80 percent of Internet hosts sites are affected by Shellshock. If exploited successfully, the vulnerability can allow criminals complete access and control of your business’ network.

Mobile Devices
While mobile devices are meant to improve efficiency, criminals can also exploit unsecured laptops and smartphones to gain entry into your business. Many businesses allow employees to connect their personal devices to the corporate network — so-called “bring your own devices” or BYOD. However, this can pose a threat to your company’s cybersecurity since over 75 percent of employees do not secure their computers.

Criminals also target corporate cloud services because of the large pools of data they can hold. Even though many of today’s cloud services offer sufficient security measures to prevent hackers from accessing sensitive business data, initial misconfiguration or misuse by the business user of these services can lead to vulnerabilities in the services’ defensive features.

Finally, any device that is connected to the Internet can be hacked. Devices such as DVRs, printers and Smart TVs (known as IoT devices) can help hackers gain access to your business’ network through unsecured Wi-Fi networks. If successfully hacked, criminals can compromise these devices and turn them into “bots” that can be used to unwittingly target other victims as part of future attacks.

What should you do?

Follow these tips to help safeguard your small business from this year’s biggest cyber threats:

  1. Implement the proper security measures.
    Use and continuously update firewalls to keep hackers out of your network. Furthermore, make sure to regularly update company software to patch any security flaws and known vulnerabilities.
  2. Properly train your employees.
    If your employees are educated about the common cyber threats specifically targeting them, they will be more likely to recognize a cyber threat and report it to you or your security team. Employees can help detect certain cyber threats earlier so that you address and manage them more efficiently.
  3. Secure your Wi-Fi network.
    Wi-Fi networks should be password-protected, encrypted and hidden from public view. Access to the secured network should be limited and monitored regularly.
  4. Adhere to strict regulations regarding the use of personal devices.
    Ideally, your employees should not use their personal devices on the business’ secure Wi-Fi network. If it is absolutely necessary, dedicate a separate Wi-Fi network for their personal devices to protect your business’ servers should the network be compromised.
  5. Consider allocating a separate network for your IoT devices.
    Similar to the personal devices, having a separate network for your IoT devices will decrease the chances of hackers gaining access to your business’ main network.