Cybercrime costs the economy more than $1 trillion per year, and crooks are increasingly setting their sights on small businesses. Cyber attacks are growing in importance every day—from influencing major elections to crippling businesses overnight.
Cybersecurity is business!
According to a June 2017 article on Business News Daily, small businesses are just as at-risk for cyber attacks as larger companies. According to a report by Keeper Security and the Ponemon Institute, 61% of small- and medium-sized businesses have experienced a cyber attack and have been breached in the past 12 months.
According to UPS Capital:
- Cyber attacks cost small businesses between $84,000 and $148,000.
- 60% of small businesses go out of business within six months of an attack.
- 90% of small businesses don’t use any data protection at all for company and customer information.
Small businesses have a lot to lose—particularly critical data including customer records (including credit card, social security, and/or other numbers), vendor information, customer lists, passwords, and much, much more.
And unfortunately, a Towergate Insurance infographic shows that 82% of small business owners think they’re not targets for attacks because they don’t have anything worth stealing.
They are wrong. In nearly all cases, the goal of a cyber attack is to steal and exploit sensitive data (customer credit info, personal credentials, etc.), whether it’s through phishing, malware, ransomware, or insider attacks. That means ALL businesses are at risk, and the risks are growing. According to Forbes, cybercrime will cost an estimated $6 trillion per year on average through 2021.
Small businesses are very appealing to hackers. In fact, the antivirus software company ESET said that “small businesses fall into hackers’ cybersecurity sweet spot.” These companies have more digital assets to target than an individual consumer, but less security than a larger organization. Another reason small businesses appeal to hackers is that they are generally less careful about security.
Cyber attacks can bring potentially disastrous consequences, including the loss of investor or shareholder trust, damaged reputation, loss of data, and cost of recovery. Small businesses need to do more than the bare minimum. So, what can you do to PROTECT the company?
There are quite a few things you can do. And they are simple and easy. For starters, you need to protect your business and its computer systems. That means two things.
First, you must install cybersecurity software on all of your computers and mobile devices (yes, mobile devices, too). These systems are run through the cloud and are always on.
Second, you need to install remote computer backup so that, should the worst ever occur and you are attacked, you will have a remote system backup protecting you and allowing you to recover and not be one of the 60% to go out of business because of a cyber attack.
My top five suggestions for protecting your business’s data are as follows:
1. Implement secure communication methods.
If your staff uses mobile devices for work purposes, there need to be restrictions on the information devices can access, rules on whether devices can be taken home, and clear guidelines for when IT departments can wipe a device clean.
2. Create a sophisticated password strategy.
You hear this all of the time. But just think: sophisticated hackers use a computer to crack passwords. They can perform complex mathematical calculations in an instant. If you have a password that has four random numbers like 3570, there are only 10,000 possible combinations for four-digit PINs. A computer can run a program that can guess this number in a fraction of a second. An eight-digit PIN has only 100,000 different combinations (a computer can figure that out in no time). If you combine UPPERCASE, lowercase, symbols such as @#$& and digits such as 124797625, the difficulty increases dramatically for the computers. It helps to keep your accounts safe.
3. Use a secure backup plan.
With a secure backup plan, your data should be saved and stored in multiple locations. Ideally, one of these is a cloud solution that’s independent of any physical hardware in your office.
4. Designate a point person.
Your point person should have three primary responsibilities: to stay informed of major news and changes in digital security; to know the basic requirements for your business to function securely and efficiently, and to ensure that those requirements are put in place and kept updated. This doesn’t mean that the person in charge needs to personally do all the work, but that he or she needs to find the right services or professionals who can do the necessary updates and improvements.
5. Thoroughly educate employees.
It’s a commonly held theory that employees are the weak link in corporate cybersecurity. According to the 2017 State of Cybersecurity in Small and Medium-Sized Businesses, negligent employees or contractors are the number-one cause of data breaches in small and mid-size businesses, accounting for 48 percent of all incidents. An additional 31.5 percent are the work of malicious insiders and 23.5 percent of attacks are conducted by inadvertent actors (that is, people who pretend they’re unaware of what they’re doing). This means 55 percent of all attacks come from the inside. In contrast, external attacks by hackers account for only 28 percent of breaches. Teach employees about the importance of security to your company, your customers, and your reputation, and about their role in protecting your company data. Your workplace security depends upon their knowledge, vigilance, and participation.
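The arithmetic behind suggestion 2, as an added example that is not part of the original post: it estimates the brute-force search space from a password's length and the character classes it uses. The guess rate of 10 billion per second is an assumed figure for illustration, and the sample passwords are constructed.

```python
import math
import string

# Assumed attacker speed (guesses per second); illustrative, not from the article.
GUESSES_PER_SECOND = 1e10

# Character classes the article mentions: digits, lowercase, UPPERCASE, symbols.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def alphabet_size(password: str) -> int:
    """Size of the character pool an attacker must try for this password."""
    if not password:
        raise ValueError("empty password")
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if size == 0:
        raise ValueError("password uses no recognised character class")
    return size


def search_space(password: str) -> int:
    """Number of candidates of this length drawn from the same pool."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Upper bound on entropy; only valid if characters were chosen at random."""
    return len(password) * math.log2(alphabet_size(password))


def worst_case_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole search space at the assumed guess rate."""
    return search_space(password) / rate


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("3570", "password", "Tr@il9Mix!"):
        print(f"{pw!r}: pool={alphabet_size(pw)} "
              f"bits={entropy_bits(pw):.1f} "
              f"worst case={worst_case_seconds(pw):.3g} s")
```

These figures are upper bounds that assume randomly chosen characters; a common word such as "password" is found by a wordlist long before an exhaustive search finishes, which is why length and randomness matter more than the character mix alone.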
Don’t forget that physical security is also important for protecting data. Be sure to lock doors and devices; monitor employees, entrances and facilities; and encrypt all devices in case of loss. Identify high-value information assets—these are the time-sensitive resources. You need to know what you have (and its value) in order to appropriately protect it. I also recommend that you create an information risk-aware culture. The objective is to incorporate security activities into all the business functions. Every function of the business has a basic responsibility to security. Security isn’t allocated to one department or individual; the responsibility is distributed to everyone. Where possible, it’s also a good idea to decentralize vital data. Data that is distributed across various places is more difficult to compromise.
Let’s not become a statistic. A little work now is smart business.
If you enjoyed this blog and want to know more, I will be presenting a webinar, CYBERSECURITY: 5 Things You Should Know To Protect Your Business, on Tuesday, July 31, 2018.
You can join the group on our Concord Campus or by a Virtual Zoom link. I hope to see you soon!