Ask yourself this question: if your small business suffered an abrupt loss of $80,000, would it survive? What about a loss of a quarter million? Because according to Carbonite chief evangelist Norman Guadagno, that’s how much just one cybersecurity incident could end up costing you.
“According to our recent data, 63 percent of small business owners view data as their new currency,” Guadagno said in an interview with TechRepublic’s Dan Patterson, adding that “a single data hack could have associated costs ranging from $82,200 to $256,000.”
But just how at risk is your small business really? “Almost one in five small business owners say their company has had a loss of data in the past year,” says Guadagno.
While we tend to think of the biggest cybersecurity data breaches and hacks as a problem for big businesses (as well as the government, which is still lagging behind on cybersecurity), it’s becoming more apparent that they aren’t the only ones who have to worry about cyber attacks. Symantec statistics show that in 2015, 43 percent of cyber attacks were targeted at small businesses, while a newer study by the Ponemon Institute found that 50 percent of SMBs have already been breached in the past 12 months.
A National Problem
Even though only one in four are well prepared for a cyber attack, and even though half of all small to medium-sized businesses have already been hit with cyber attacks, a recent survey by Manta shows that up to 87 percent feel they are not at risk of a breach.
As such, some members of the U.S. Senate are currently looking to create a set of modern resources and guidelines that small businesses and entrepreneurs can look to for protection and guidance in the face of today’s cyberthreats. The Main Street Cybersecurity Act of 2017 was introduced to the Senate at the end of March, and is meant to update the Cybersecurity Enhancement Act of 2014. The 2014 act prompted the National Institute of Standards and Technology (NIST) to provide guidelines and information to help big businesses nip cybersecurity risks in the bud, while the new act urges NIST to include information for small businesses.
Your Security, Your Responsibility
One of the reasons that small businesses make such great targets for cyber criminals is that small business owners never think they’ll end up being targets in the first place. This, mixed with an increase in relatively new and easily deployable ransomware like WannaCry and Petya, means that ignorance is a cyber criminal’s greatest weapon.
The cost of that ignorance, as Guadagno stated above, could be anywhere from $80,000 to $250,000, enough to leave many startups and SMBs dead in the water. It’s up to you to make sure that your small business is protected against threats. East Coast Polytechnic Institute’s online blog suggests these six tips for managing a secure network:
- Use Encryption. End-to-end encryption will ensure that all of the data sent between users and systems is protected against outside snooping and man-in-the-middle attacks. If you already use encryption, just be sure that yours is up to date.
- Track All Users on All Devices. Notifications of suspicious logins, failed attempts, and unregistered devices on your network are a must. Most of these systems are automated and will notify you of suspicious activity without you having to do anything.
- Observe Password Protocol and Hygiene. Easily guessed passwords have been the downfall of many systems, and will continue to be until people wise up about their passwords. Software that cracks weak passwords is easier to come by nowadays, so make sure that you observe proper password security. The webcomic XKCD actually has a great comic about password strength.
- Maintain Inventory. Make sure that you have a list of every device that is used on your network. This will make unauthorized intrusions that much easier to detect. You’ll also be able to go through that list and check to make sure that security configurations are up to par.
- Perform Security Testing. Without testing your system against intrusions, how are you going to know whether or not it will hold up when it actually matters? Security testing (as well as disaster recovery testing) should occur frequently to make sure that new hacking techniques don’t trump your already-in-place systems. Make sure to keep your systems updated to avoid complications.
- Avoid Using Software from Unknown Providers. Last but not least, don’t use software from providers that you don’t know. Shadow IT is one of the biggest causes of breaches in corporations, and it stems from employees downloading unapproved software that comes bundled with backdoors and phishing viruses.
Cyber security is serious business nowadays, and it affects everyone. Don’t get caught with your pants down, and make sure you’re taking cyber security seriously.