High-profile cyber attacks on companies such as Target and Sears have raised awareness of the growing threat of cybercrime. New surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab and the National Cybersecurity Alliance suggest that many small business owners are still working under a false sense of cybersecurity.
The statistics for these studies are dismal; The vast majority of small American businesses do not have a formal Internet security policy for employees, and only about half even have rudimentary cyber security measures in place. In addition, only about a quarter of small business owners have had an external party test their computer systems to ensure that they are hack-proof, and almost 40% have not backed up their data in more than one place.
Despite significant cyber security exposures, 85% of small business owners believe that their business is secure from hackers, viruses, malware or hacking. This connection is largely due to the widespread, albeit erroneous, belief that small businesses are unlikely targets for cyberattacks.
In reality, computer thieves are simply looking for the path of least resistance. Symantec's survey showed that 43% of attacks are against organizations with fewer than 250 employees.
Outside sources such as hackers are not the only way your business can be attacked – often smaller businesses have a family-like atmosphere and spend too much. trust in their employees. This trust can lead to complacency, which is exactly what a dissatisfied or recently fired employee needs to carry out an attack on the business.
As large companies continue to become serious about data security, small businesses are becoming increasingly attractive targets – and the results are often devastating for small businesses.
According to a recent study by the Ponemon Institute, the average annual cost of cyberattacks for SMEs is over $ 2 million. Most small businesses do not have that kind of money left, and as a result, almost 60% of small businesses that are exposed to a cyberattack close permanently within six months of the attack. Many of these companies postpone making the necessary improvements to their cybersecurity protocols until it was too late because they feared the costs would be prohibitive.
The staggering cost of a cybercrime often shuts down a small business. As a recent article in Security Magazine shared, "The average recovery cost from SMB data breaches is $ 36,000 and can even lead to a loss of $ 50,000." Sometimes this number is even higher if the broken data gets into the wrong hands.
A recent particularly bad example in our area occurred when a local teenager hacked a small business and stole social security numbers and bank account data from customer accounts. The teenager sold this information to an online company that used the information to create false identities for criminal use.
This small business incurred customer reporting and credit monitoring costs, legal costs and damages from potential lawsuits, resulting in more than $ 500,000 in damages.
Some damages and costs are not monetary. A crime often causes significant damage to your brand and your company's reputation. Many of your customers may quit your services or no longer visit your business after an attack. In addition, debit card companies may no longer want to work with you to provide customer card service.
In addition to educating yourself about the security threats out there and taking steps to strengthen your business, one of the best things you can do to protect yourself is to get cyber liability insurance. By getting the right cyber attack insurance, your small business gets a sense of security in the event of an attack. The following are some of the most common types of cyber liability claims:
- Stolen laptops or computers
- Rogue employee stealing data or equipment
- Spyware virus
- Dumpster Diving data breach
- Data theft extortion
- Incorrect disposal of equipment leading to intrusion
- Reputation damage and PR costs due to a breach
Even if you do not currently have the resources to hire an external expert to test your computer systems and make security recommendations, there are simple, financial steps you can take to reduce the risk of becoming a victim of a costly cyberattack:
- Train employees in cybersecurity principles.
- Regularly install, use, and update antivirus and antispyware software on each computer used in your company.
- Use a firewall for your internet connection.
- Download and install software updates for your operating systems and applications as they become available.  Make backup copies of important business data and information.
- Control physical access to your computers and network components.
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden. ] Change passwords regularly.
In addition to the listed tips, the Federal Communications Commission (FCC) provides a small business tool that can create and save a customized cyber security plan for your business by choosing from a menu of expert advice to address your specific business needs and problems. It is available at www.fcc.gov/cyberplanner.
It is our hope that this article will provide you with a great place to start improving your cybersecurity. However, when considering cyber-liability insurance as part of your action plan, it is important to consult an expert in data breach insurance to understand all of your business needs.
An independent insurance agent can prepare the right insurance for you that will give you the coverage you need without incurring unnecessary costs. Such an insurance agent can also compare many different insurance companies and find the best premium and coverage for you. Because they are independent, these agents are not pressured to pursue any company's agenda or policy. This kind of thorough preparation is worth the effort!
Tim O & # 39; Rielley of CoverLink Insurance notes the benefits of being well prepared for an intrusion:
“We are seeing a huge increase in the number of cyberattacks and data breaches, most of which occur in small businesses. The companies that have sufficient coverage can respond 73% faster compared to those without coverage. And the fast response time is directly correlated with the total cost that the company incurs as a result of the intrusion. own attacks.
Are you one of those people? Do you have a tip on preventing cyberattacks? Share it with us on one of our social media channels to make our entire community #BeCyberSmart.