Q: “I can’t believe how many small businesses don’t take cybercrime seriously! If they saw the businesses I have seen wiped out, they might start to take action. My business is booming because small business doesn’t know that they are target #1.” ― James
A: Maybe it is not surprising that the comment above comes from my computer guy James, he being on the front lines and October being Cyber Security Awareness Month and all. But really, with daily stories such as the Equifax hack in the news, it shouldn’t take an “Awareness Month” or the dire warnings of a geek to help us understand that cyber threats are real and getting worse.
Consider this surprising story: Last year, five sheriff and police departments in Maine were victims of ransomware attacks. Lincoln County, Maine, Sheriff Todd Brackett didn’t want to pay the ransom, but after two days he gave in, because they really had no choice. They couldn’t risk losing their data.
“We are cops,” he told NBC News. “We generally don’t pay ransoms.”
Just how big is the risk to small business? Big, very big. According to the Verizon Data Breach Investigations Report, 61% of breaches hit smaller businesses last year, up from the previous year’s 53%.
And, according to UPS Capital:
► Cyber attacks cost small businesses between $84,000 and $148,000.
► 60% of small businesses go out of business within six months of an attack.
► 90% of small businesses don’t use any data protection at all for company and customer information.
Almost two-thirds of all cyberattacks are now directed at small business, people.
And the thing is, you have a lot to lose. Small businesses store not only their own critical data and information but also customer records (including possibly credit card, social security, and/or other numbers), vendor information, customer lists, passwords, and much, much more. It is a lot to lose, should you ever lose it.
So, given all of this ― the dire warnings and my nagging and the clear and present risk to your business ― the question has to be, how can you protect yourself?
It turns out, there are quite a few things you can do. And they’re pretty easy, too. For starters, it should go without saying that you need to protect your business and its computer systems. That means two things.
First, you must install cyber security software on all of your computers and mobile devices (yes, mobile devices, too). That such systems are run through the cloud and are always-on should make that a no-brainer.
Second, you need to install remote computer backup so that, should the worst ever occur and you are attacked, you will have a remote system backup protecting you and allowing you to recover and not be one of the 60% to go out of business because of a cyberattack.
UPS Capital has a few additional smart suggestions. These include:
► Regularly test your data security systems and procedures.
► Develop a data breach response plan that includes a communications response plan ― how you will notify customers, staff, the media, etc.
► Get cyber liability insurance.
Verizon, too, has some recommendations:
► Train staff to spot the warning signs of “phishy” email.
► Encrypt sensitive data.
► Enable two-factor authentication.
► Don’t forget physical security. Not all data theft happens online.
Let’s not become a statistic. A little work now is smart business.
Today’s tip: Finally, what should you do if you become the victim of a breach or attack? UPS Capital has these recommendations:
► Act immediately. Contact your IT team, legal counsel and cyber liability insurance agent.
► Contain the breach. Take affected systems offline, but don’t turn them off. That’s so your IT team can examine the source of the breach.
► Document every step. Authorities will need to know these details.
► Communicate clearly. Ensure affected groups are made aware of the issue and the steps being taken.
Article Written By: Steve Strauss, Special for USA TODAY, Published 8:00 a.m. ET Oct. 20, 2017