Is Cybercrime a Risk to Your Business?
Small businesses need a wakeup call when it comes to protecting themselves against cybercrime. The most vulnerable businesses are often those who feel that what they have is not of much value to hackers. This couldn’t be further from the truth.
As someone who works hand-in-hand with business owners, I’m keenly aware of how important it is to keep financial, IP, customer data, employee records, and other vital information secure. That message hit home for me when I participated in a webinar about small business cybercrime by Kris Fenton, President of IT Squared Resource, Inc. Here’s the message she shared that we all need to heed.
Cybercrime is defined as crime that is committed electronically. It can include theft, fraud, intellectual property violations, or distribution of child pornography. In 2015 the global financial impact of cybercrime had risen to $3 trillion; that cost is predicted to double by 2021.
43 percent of cyberattacks target small businesses. Nearly half of all small businesses have suffered a data security breach. The damage can be devastating – 60 percent of small businesses that suffer cyberattacks close their doors within six months. Even if the business survives, the costs of cyberattacks are many:
- Disruption of business
- Damage to reputation
- Loss of clients
- Individual or class action lawsuits
- Regulatory fines
- An average cost of $221 per record to repair
What’s most at risk?
- Banking Credentials – you’re not protected by the FDIC from bank fraud
- Personal or sensitive data about staff, vendors and customers
- Ideas, processes, intellectual property, other trade secrets
- Reputation and credibility
- Passwords and access information, creating a risk that you’ll be targeted by ransomware
- Email accounts which may open the door to
- email addresses, calendars, photos, and attachments
- social media accounts and internet hosting credentials
- financial and online account information
- cloud-based accounts and documents
- and puts you at risk for
- spam – the single biggest driver of breaches
- malware – 82,000 new malware threats are released daily according to PC World
- You can check whether your email has been compromised in a data breach at these sites:
Kris shared some ways in which businesses can protect themselves from cybercrime. Some of her takeaways included:
- Conduct a threat assessment: Consider how employees use company-owned devices and what third-party, cloud-based programs are in use. Determine whether your systems are fully backed up. Assess where you are exposed to risk and whether adequate security measures are in place. Consider hiring a security expert to audit your systems and provide recommendations. Ensure that you have someone responsible for protecting your network and that they are doing their job. The National Cyber Security Alliance’s Workplace Security Risk Calculator is a valuable tool.
- Develop an Action Plan: Based on the results of your threat assessment, determine what you need to do to secure your systems, data and operations from theft, compromise and corruption. Establish a written data security policy of which all employees are made aware. The FCC offers a guide to creating a Small Biz Cyber Planner.
- Practice Ongoing Security Maintenance: Don’t put your data security on auto pilot. Make sure all your protective measures are kept current. Keep systems updated. Invest in automated and monitored data backup solutions. Use strong passwords that are at least 8 characters, 3 variables, and change passwords at least every six months. Use two-step authentication for login when it’s available.
Following are some tips for protecting your bank accounts, both business and personal:
- Cancel debit cards since they are the primary way accounts are compromised.
- Use a dedicated PC for online banking that is not used to access other websites, email, social media, or to download files and applications.
- Register for email alerts from your bank about activity on your accounts.
- Require that any wire transfers can be initiated only with your signature and a phone call.
- Minimize risk by having your money spread in multiple accounts.
In general, don’t assume your data is safe. If there’s a question, take precautions. If an email is suspicious, contains grammatical errors or typos, or is from an address or person you don’t recognize, don’t open it. Be careful in your use of social media and what you place on cloud-based applications. Recognize that mobile devices are increasingly targeted so secure cell phones, tablets, etc.
Business lives in a digital world, so we must take the necessary steps to keep our data secure. It can prevent losses that can potentially be unrecoverable. But it is beneficial in other ways. Businesses that have strong digital trust strategies and that are digitally trust worthy generate more online profit than those that are not and are predicted to grow at a higher rate.