The need for cybersecurity has increased greatly over the years and there is no slowing down in sight. With the invention of the World Wide Web in 1990 to now over 4 billion people using the internet, there is new ground for criminals to make their mark.
Did you know that cyber attacks occur every 39 seconds, affecting one in three Americans, and 43 percent of these attacks target small businesses? It is expected that the damage cost from these attackers will rise to and that a business will experience a by that time.
What is cybersecurity?
Why is cybersecurity important for small business?
Eighty-two percent of small business owners deem their information not important enough to steal and therefore incorrectly assume they are not targets for attacks. For hackers, however, small businesses are often their trojan horse in order to best infiltrate larger businesses.
While having cybersecurity for your business cannot guarantee complete safety from cyber attacks, it does make your business more of a hassle for hackers to infiltrate. Similar to the way burglars tend to avoid homes with security systems, attackers tend to avoid businesses with cybersecurity in place.
“You want to be less desirable of a target… So, make yourself hard to deal with. Make yourself somewhat secure and you’re much less likely to be the target. That’s the key,” Jeff Farr, CEO of Wood Networks, said.
How can small businesses protect themselves from cyber attacks?
1. Don’t ignore it – the question is not if, but when
The best thing you can do for your business is to recognize that you are at risk for a cyber attack, regardless of how small you might be.
“This is not if, it’s when. So we’ll spend time on prevention, but let’s also talk about what we do after it happens,” Farr said. “I would say to every small business owner: you’re going to deal with this, it’s just a matter of when.”
2. Leadership – cybersecurity is not just an IT problem
“I want cybersecurity as part of the objectives and strategy of the business… It’s just as important as marketing, as HR, as any other thing. As long as you’re in the conversation, you’ll solve most of your problems,” Farr shared.
Including someone who is knowledgable about cybersecurity on the leadership level will help your business have a better understanding of their need for it, which will then lead to increased protection of the business. If cybersecurity is only seen as an IT problem and not an issue for leadership, this can have devastating consequences for your business.
“If you don’t have the leadership at the top buying into your budget, your technical requirements, and why and how it supports a business, then you’re just spinning your wheels.” James Myers, Senior Business Security Advisor for InfoSec Advisory, said.
3. Understanding risk – and budget for that
“Know what intellectual property you have to your business and what does it mean to you, and how much risk are you willing to weigh against that,“ Myers said. “Know how much money are you willing to spend versus how much risk are you willing to inherit. Really understand that about your business.”
A perk about having a cybersecurity point-person on leadership is that the risk and how to properly budget for cybersecurity is better understood. Often, businesses do not include a cybersecurity expert on their leadership team and when it comes time to talk about it, cybersecurity is not seen as high enough of a priority. The budget is not large enough and the risk is minimized or ignored.
When talking about cybersecurity in regards to risk, Farr said, “Not only is it about your business, but oftentimes you’re connected to your vendors, to your clients, to your employees personally. So it’s not just you – it’s your ecosystem.”
Security Consultant for Secutor Consulting, Scott Geye, shared this same concern.
“The business owner has to understand that risk – what the potential loss is before they can really realistically say the budget.” Geye said.
4. Identity and Access Management
Identity Access and Management basically makes sure that the right people have access to the right things for the right reasons and the right time. Surprisingly, one of the main causes of data breaches to a small business is simply a negligent employee. In order to help prevent this, it is extremely important to know what people have access to what and when.
“Identity Access and Management,” Myers said, is knowing “where is the information, who has access to it, how did they get access to it, and what mediums do they get access to it and when?”
“Sixty percent of small businesses that get breached go out of business because they don’t have a program or a policy or an incidents response plan put in place because they just don’t want to think that it’s going to happen to them.” Kim Hutson, VP at Huston Insurance Group, said.
Cyber attacks cost an average of over two million dollars for small to medium-sized business in 2017. As cyber attacks continue and become more sophisticated, it is vital for these small businesses to have a plan in place for when this happens.
“There are a lot of different insuring agreements within an insurance policy and you can pick and choose which agreements make sense for you as a business owner.” Hutson said.
There is no business too small for cybersecurity. Small businesses are the backbone of our economy and with the rise of cyber attacks, they need to be protected. Be the house with the security system and take action to protect your ecosystem.