Small and Medium Businesses, Big Cyber Problems

Small and Medium Businesses, Big Cyber Problems 864 486 N2K

Small and Medium Businesses,
Big Cyber Problems

It is difficult to tune into the news these days without hearing about the latest and greatest cyber tragedy plaguing businesses. Equifax, eBay, Experian…the list goes on and those are just a few of the E’s of what is otherwise an exhaustive alphabetical list of companies who have experienced a cyber breach.

When breached, companies face a litany of security, consumer, financial, and legal issues that can be overwhelming, if not destructive, to the integrity of a business. In addition to this already nightmarish scenario, business leaders often face intense scrutiny from their stakeholders. But make no mistake, these industry giants are not the only targets of malicious cyber-related activity. The risk for small and medium-size businesses (SMBs) to fall victim to a cyber breach is on the rise and if you happen to be an SMB the time to be prepared for a cyber incident was yesterday!

The tendency to be reactive rather than proactive when it comes to cybersecurity is not unique to any one business, regardless of size. But the propensity for SMB owners to think – it won’t happen to my business or my business has nothing worth stealing – is dead wrong. Let’s take a look at some of the facts on cyber breaches and SMBs.

  1. In 2017 61% of cyber breaches targeted small businesses

  2. SMBs are not just targets of cybercrime; they are a principal target

  3. The average cost of a data breach for SMBs is about $117,000 (particularly considerable given that only 26% of SMBs generate over $1 million in revenue annually)

  4. Most SMBs that experience a cyber attack are forced to shut down

  5. The majority of SMBs do not have a contingency plan in place to deal with a breach

You do not have to be an enterprise business to fall victim to a cyber attack. In short, if you are an SMB owner, there is a good chance you do not have a plan to: protect against a cyber breach, mitigate a breach if one occurs, and cope with what it means to shut your doors over something you never anticipated. Now, maybe none of that applies to you and you (think you) can stop reading, but if not, don’t start unplugging your electronics and making tinfoil hats just yet. Here are some basic steps you can take to protect you and your SMB.  

So How Do You Avoid Becoming a Statistic?

The stats are in! The likelihood that your small or medium-sized business can be breached is significant and hoping that it won’t happen is not your best risk-mitigation strategy. So, what can you do about it? Often, SMBs do not have the capital to invest in sophisticated technology or IT professionals to prevent and recover from a cyber-related incident. Don’t fret; there are several different measures you can take to reduce the likelihood of experiencing a cyber breach as well as processes to help you mitigate one.  

Before a Breach

  • Train Your Employees – Human error is often a leading cause in preventing sufficient cyber resilience. In fact, many cyber breaches for SMBs, whether malicious or unintentional, come from employees. Don’t be afraid to invest in cyber awareness training for you and your staff.

  • Transfer Your Risk – Consider purchasing cyber liability insurance to cover the costs you might incur should your SMB be impacted by a data breach. Insurance can be a helpful way to transfer risk and keep your doors open following the expensive aftermath of a breach.

  • Know What’s Trending – Your expertise in your respective SMB is valuable. A cursory search of the types and frequency of cyber incidents within your respective industry can help you determine what action you should take and what you need to be on the lookout for to keep your systems safe. You should also keep informed of any new cyber threat activities and legal/regulatory issues.

After a Breach

  • Document – The moment you know you have been breached keep meticulous records of who discovered the breach, what/who it has impacted, and when the incident was discovered. These details can help an external cybersecurity professional stop the problem and get your business running again.

  • Contain– Once you know what and where your cyber breach is, stop any additional information from being lost or stolen. This may require the expertise of a cyber forensic investigator so be sure to know where and how you can access one should the need arise.

  • Notify – Have an organized plan of who you need to communicate the breach to. This can include everyone from your business stakeholders, insurance providers, law enforcement, and consumers. The more streamlined this communications process is, the faster you can remedy the incident.

Want to Learn More?

Staying up to date and educated about the latest cybersecurity trends and issues might seem daunting. N2K is here to help reduce the ambiguity of the cyber domain and have you on your way to knowing how to protect you and your business from cyber crises. Whether you are a big business executive or SMB owner who wants to know more about cybersecurity, our education programs at N2K are here to help. Take a look at some of our comprehensive training programs at N2K here.

Share
Auditors vs. Managers: Finding Common Ground with CISA and CISM Certs
Questions That Need Answers: Secure Coding
Enter your search