Most people see cybersecurity as something that only governments and large corporations need to worry about. For example, recent news stories have been highlighting cyber attacks on major entities such as Equifax and England’s National Health Service. However, businesses of all sizes are at risk of a cyber security breach.
According to the Department of Homeland Security, 40% of cyber attacks target businesses with fewer than 500 employees. In addition, about one in five small and midsize businesses reported a cyber attack over a two-year period. Computer crime has now bypassed illegal drugs as the country’s #1 criminal money-maker, making it in every business owner’s best interest to safeguard their organization as much as possible.
Here are 5 common questions both business owners and nonprofit organizations face about cybersecurity breaches:
What types of breaches are possible?
Businesses are seeing the full gambit of cyber attacks, ranging from man-in-the-middle-schemes to classic malware and phishing attacks. In most cases, the criminals are after credit card and banking information. However, a recent FBI report on identity theft noted that personnel records are becoming a growing area of concern.
Rather than attack a business directly, criminals break into a system and steal employee personal information. Then they use it to create “ghost identities.” As these attacks may not be recognized for some time after they’ve occurred, it can be difficult for authorities to combat them. Seasonal businesses are especially vulnerable to this type of attack, as fluctuations in employee numbers can make it difficult to establish links between victims.
How much could cyber attacks cost a business?
Estimates of what a cyber attack can cost a business vary greatly. The size and type of business affected are major factors in determining the costs. At a minimum, a small retail establishment or seasonal business might lose $38,000 to $55,000 due to an attack. This number includes lost productivity and the cost of paying for professional expertise to fix the security breach. This does not include damages to victims, fines, and legal fees which could be exorbitant and potentially reach the millions.
For larger businesses, the losses are not just financial in nature and significant in size; customer loss of confidence in the company and system downtime add to the problems of establishing the actual cost of an attack.
Do hackers target small businesses?
Hacks on small business have become so frequent that Congress is considering legislation to help establish guidelines and resources to help small business owners protect themselves.
Criminals consider small and mid-sized businesses to be softer targets than large companies. Most entrepreneurs and smaller companies don’t have the resources to maintain full-time information technology personnel, or update and monitor their security constantly to combat the latest threats. As a result, these smaller organizations are more likely to have exploitable vulnerabilities and less surveillance of threats.
What can you do to protect yourself?
While cybersecurity is a never-ending war of measures and countermeasures, you can take some basic steps as a business owner to protect yourself from cyber breaches. See the infographic below to see what Steven Weisman, senior lecturer at Bentley university, suggests.
How can you recover?
After you have suffered a security breach, the only option is to pay for the damages and call on professionals to help recover your system. However, it is possible to protect yourself before any breach occurs. No system is impervious to attack, so it’s important to take the crucial steps required to be prepared ahead of time.
Do you have a “Cyber Strategy”?
If you’re like most businesses, even though you know you’re exposed to a cyber risk, you might not be entirely sure what to do about it. You’ve taken the basic preventative measures and installed the most up-to-date firewalls, but even if you outsource your IT Management, you are ultimately responsible for responding if a breach were to occur.
So what is your strategy? Who is your first call after a breach? Have you identififed a forensic investigator, an attorney, or a public relations specialist that could help walk you through the process?
A well-crafted Cyber Liability Policy could be the solution you’re looking for. Contact us today to continue the conversation.