My Company Was the Target of a Cyberattack, and Yours Could Be Too Historically, cyberattacks have targeted large enterprises, but that is quickly changing, as hacks and demands for ransomware are hitting more small and mid-sized businesses.

By Kathleen Duffy Edited by Amanda Breen

Opinions expressed by Entrepreneur contributors are their own.

In the United States, a cyberattack occurs every 39 seconds, according to Security Magazine. Still, it wasn't until the attack on Colonial Pipeline, the major supplier of gas to East Coast residents, that the public began to take notice.

Last June, another "colossal" ransomware attack hit hundreds of U.S. companies. Meanwhile, small and mid-sized firms have been mostly insulated as hackers have targeted larger enterprises.

But that paradigm is shifting. My recruitment company is proof of that.

Covid-19 has fueled cyberattacks on small and mid-sized businesses

In March, I was notified by our IT company that the FBI had released information of a potential serious vulnerability in our email server. Our IT consultant believes hackers had been trying to infiltrate our servers months before the notice. It was shortly thereafter that they finally succeeded, shutting down three of our company's servers as part of a "crypto hack attack" that prevented us from accessing email, files and data until we paid a ransom fee.

Cyberattacks on small and mid-sized businesses have been driven largely by Covid, when work-from-home employees gained remote access to their company's servers via tools that make email and other systems vulnerable. In my case, employees could not receive email messages and access important files, though Social Security numbers and other sensitive data in our candidate database remained intact.

Related: How Much Does Cybersecurity Really Cost?

Though the situation could have been worse, it was a long two-and-a-half weeks. I quickly learned IT security is a lose-lose game: The hacker has the upper hand, so it's best to cooperate, negotiate and do whatever possible to get your systems up and running.

It's not an inexpensive endeavor: Ransom demands for companies like ours can start at upwards of $25,000. Our IT expert was able to get a key to decrypt our data for $2,800, plus another $1,000 once systems were operational. The biggest financial impact was due to loss of productivity.

But be warned: Although hackers are in the lucrative business of collecting money for returning what is rightfully yours (my firm's hacker had earned about $1 million based on Bitcoin tracking over the course of a year), they work on their own schedules and thus can be slow to respond. Time zones can hamper your company's return to normalcy too, as many of these hackers are overseas.

Related: 3 Biggest Cybersecurity Threats Facing Small Businesses Right Now

While it may seem futile, there are some things you can do.

How to protect yourself

Choose your IT resources wisely. While mega-corporations may have an army of IT experts protecting their data, that isn't the case for small and mid-sized firms. I am fortunate to work with a computer forensics investigator who has deep experience in IT and is specially trained in retrieving information from computer systems and other data-storage devices.

Communicate openly and frequently with the hacker (usually via email) and be ready to negotiate and pay to regain access to your information.

Investigate the tools, including a backup computer system, to protect your system. This could include investing in an enterprise-grade router with an intrusion-detection system to detect suspicious activities. Such tools don't have to break the bank. Consult with your IT expert for guidance on which tools are best for your firm.

Related: A Business Leader's Beginner Guide to Cybersecurity

Buy cybersecurity insurance to help cover the costs, report cyber incidents to local authorities and the FBI, and from a leadership perspective, stay calm. Update your staff regularly and do all you can to maintain a "business as usual" environment.

Most of us don't think about technology until it fails us. Unfortunately, the environment is changing, so it is not if but when your firm could be the next victim of a cyberattack. Taking proactive steps can help you manage the risks and mitigate the problem should a security breach occur.

Kathleen Duffy

Entrepreneur Leadership Network® Contributor

President and CEO

Kathleen Duffy is CEO of Duffy Group, a global recruitment firm that helps people find joy in their work. She was among the first in the nation to lead an entirely remote workforce. Kathleen balances her CEO duties helping other small business owners and women secure corporate leadership roles.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Innovation

4 Ways Market Leaders Use Innovation to Foster Business Growth

Forward-thinkers constantly strive to diversify and streamline their products and services, turning novelties into commodities desired by many.

Business News

JPMorgan Shuts Down Internal Message Board Comments After Employees React to Return-to-Office Mandate

Employees were given the option to leave comments about the RTO mandate with their first and last names on display — and they did not hold back.

Side Hustle

'Hustling Since Middle School': She Started a Side Hustle on Facebook Marketplace — Then a 'Game-Changer' Grew It to $25,000 a Month

Leena Pettigrew's "entrepreneurial spirit" inspired her to build a business with earnings that outpaced her full-time income.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Leadership

From Elite Athletes to Tech Titans — Discover the Surprising $100-Million Habit That Leads to Extraordinary Success

Success comes from mastering focus, eliminating distractions and prioritizing what truly matters.

Business News

'Nothing More Powerful': How to Transform Companies From Within as an 'Intrapreneur,' According to a Microsoft Office and Yahoo! Shopping Cofounder

Elizabeth Funk wrote the first code for Yahoo! Shopping on her own, based on skills she acquired from an "HTML for Dummies" book.