By: Henry Doss, CEO | Zuryc, Inc.
Hackers will do anything to get their hands on customer information. Tales of data breaches that have compromised the personal data of millions of people around the world are the stories that make headlines—remember Target’s security breach in 2013 that affected more than 41 million customer payment card accounts? Even reports of large businesses like Facebook and Google falling victim to hackers are becoming more frequent. These attacks can cost companies thousands, even millions of dollars, to resolve.
Because the attacks we read about in the news are mostly large corporations, it leaves many with the belief that small- and medium-sized businesses have little reason to be concerned. Hackers don’t waste their time on smaller businesses, right?
In Verizon’s 2018 Data Breach Investigation Report, 58 percent of victims of cybersecurity attacks were identified as small businesses. This is alarming because, unlike large companies, small- and medium-sized businesses don’t generally have the resources to effectively address online attacks. Not only do they face substantial fees that could close their doors for good, the loss of customer trust after such an attack can also have a devastating impact on their bottom line. The National Cyber Security Alliance reports that around 60 percent of smaller businesses are forced out of business within six months following a cyber attack; these attacks can cost small businesses upwards of $80,000 per year.
While your business may not be as large as Target or Amazon, you still have information that hackers want: the personal and payment information of your employees and customers. So, how can your business survive in a growing landscape of cyber theft? There are measures you can take to protect your customers and, ultimately, yourself:
Understand you’re a potential target
No business is too small to draw the attention of cyber thieves. The dark web has provided a myriad of tools that any experienced or would-be hacker can acquire with a modest investment of time and money. A hacker may not have the skill set to break into the network of a large corporation, but they may be able to hack into your website or server and steal information from your business with little difficulty—information that will easily sell on the dark web.
Yes, you need security policies and procedures
In order to protect yourself from a cybersecurity threat, it’s important to anticipate that you could (and probably will) be a victim of an attack at some point. With that in mind, your small business should already have a security plan in place that outlines how you plan to deal with such an attack to protect your customers, your employees, and your business. Showing you were proactive in putting preventive and protection measures in place can be helpful when dealing with the consequences of such an incident.
There are many preventative measures you can take, from password policies to security monitoring. Many of these practical measures are free to implement or very affordable, even for small businesses.
Train your employees
There’s nothing available at any price that can completely protect your business from an online attack. Large corporations with huge security budgets can fall victim to an attack at any time if one of their employees makes a mistake and the wrong person finds it. It’s that easy.
Your employees can be your best line of defense or your weakest link. By educating and training them to be observant online and in their daily routines, you can reduce the risk of an online attack. If they can identify phishing schemes or suspicious emails, they can update their computers, devices, and software as soon as updates are available. It’s also crucial that they are able to manage passwords well. According to a cybersecurity preparedness report published last year by Webroot, while most businesses train their staff on cybersecurity practices, less than half offer ongoing training.
Consider outsourcing IT services
Only a small number of businesses are ready and able to manage their own security threats. Many small businesses are sole proprietorships or have staff members that are stretched very thin across a number of responsibilities—cyber security included. In most cases, that would mean a minimal time commitment to cybersecurity for most small businesses.
Many who have the resources to do so hire third-party services or threat analysts to manage their online security. The use of IT professionals to monitor your business’s security and train your employees can be very beneficial. Many small businesses assume they can’t afford such services but such costs are far less than that of a cyber attack. Think of it as an investment in your customers and in your business.