If history repeats itself, 2021 will set another record in cyberattacks on small and medium size businesses — as well as consumers, large enterprises and public institutions. Although the pandemic, with its vastly increased remote workforces, has made large companies easier targets for hackers, cannabis SMBs are by no means out of the woods.

During the recent National Cybersecurity Awareness Month, much public research was released covering the gaps in business infrastructure and the best practices necessary for companies to follow. Cannabis companies continue to be in the crosshairs of bad actors looking for easy pickings among cash-based businesses. So it’s timely to review some of these year-end findings and see if they apply to your own operations.

According to IBM, the average cost of an insider-related cyber incident at a small business has risen to $7.68 million. Unfortunately, according to identity theft resolution firm CyberScout, more than half of U.S. companies do not have ongoing training programs on cyber best practices. There continues to be a disconnect between business owners’ feelings on how secure their companies are and their actual commitments to adopting necessary procedures and making required investments.

What’s the leading cyber threat to SMBs today? Most think it’s a data breach or unknowingly uploading malware into a system — but those aren’t correct. Technology provider Datto’s recent survey identifies it as ransomware attacks — which are targeted more to small businesses than enterprises due to the likelihood of collecting a payout. CyberScout’s survey found that 16 percent of SMBs have already experienced a ransomware attack (albeit this includes unsuccessful attempts.)

Remember, if a ransomware attack happens, never click anything or respond to the message. And don’t run anti-virus software, which can work against you by eliminating information about the perpetrator of the attempt. Take your hands off the keyboard and turn the matter over to an IT professional and/or your insurance company who can recommend next steps — and determine whether the attack is true or false.

Now that remote work is more prevalent than ever, it is crucial you have a set protocol for all your WFH personnel. Ask yourself these three questions:

• Is their work being backed up?
• Are they using a VPN to connect to your systems?
• How secure are their passwords?

All SMBs need to have a formal cybersecurity plan given today’s risks, and this includes regular backups that can negate the ill effects of a serious ransomware situation. This also underscores the critical need for cyber insurance coverage in 2021; most small companies do not have protection and should prioritize this along with IT procedures and employee education.