“I am convinced that there are only two types of companies: those that have been hacked and those that will be.” – Former FBI Director Robert Mueller
The City of Atlanta, Amazon, BlueCross BlueShield, Disney, Equifax, Home Depot, Microsoft, Sony, Target, and Yahoo. What do all these companies have in common? These are large organizations with massive infrastructure. If it can happen to them, it can definitely happen to you. Small businesses are the heart of the US economy and yet we are some of the most vulnerable to the threat of cyber attacks.
Cyber-attacks are growing every day, from influencing major elections to crippling businesses overnight. Consider these statistics:
- There is a hacker attack every 39 seconds, affecting one in three Americans each year
- 64% of companies have experienced web-based attacks
- 62% experienced phishing & social engineering attacks
- 59% of companies experienced malicious code and botnets and 51% experienced denial of service attacks
- The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected
- In 2017, 61% of small businesses experienced cyber-attacks
- 60% of all small businesses go out of business within six months of experiencing a cyber-attack
(Source: Verizon Data Breach Report)
Most disturbingly, the same report found that 90% of small businesses do not use any data protection to secure their company and customer information.
As small business owners, we often find ourselves “laptop road warriors,” working in our cars, at Starbucks, on a plane, in a restaurant, or in a hotel room, just to name a few. Yet these environments are playgrounds for cyber attackers. Public Wi-Fi systems are unsecure and a gateway for hackers to access your system and steal your information. By using them you are exposing yourself to the world.
It is important to take proactive steps to combat cyber attacks to protect your company and your customers’ information, as well as to avoid excessive financial cost. It is critical that you do not underestimate the effect cyber warfare can have on your business.
Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access, ensuring the integrity, confidentiality and availability of information. It represents the ability to defend against and recover from attacks by adversaries.
The first step to cybersecurity is to assess the current vulnerability of your organization. It is equally important to understand the cyber risks as your business grows, adding new technologies or functions. Once you understand the risks associated with your organization, you can better protect it from theft. Potential risks include:
- Outdated and/or unlicensed hardware and software
- Ineffective/nonexistent policies
- Ineffective/nonexistent procedures
- Lazy oversight/lack of training
- Loose enforcement
In a follow up post, we’ll look at the most important elements of your small business’s cybersecurity plan.