By Anita Sathe
Between the Target, Home Depot and Bank of America breaches, it seems every week there’s news of another large corporation getting hacked. What does not seem to get the spotlight are all of the small businesses that are extremely vulnerable to cybercrime. In fact, small- and medium-sized businesses (SMBs) have emerged as the preferred target for malicious hackers, with half of all SMBs in the United States reportedly experiencing cyber attacks, according to a recent study by the University of Connecticut.
While SMBs don’t generate ample payouts individually, their lack of sophistication allows hackers to take a “spray and pray” approach, attacking SMBs by the thousands, or even millions, with little investment required.
Despite these realities, there’s often a false sense of security and a lack of awareness among SMBs. They think a breach will never happen to them. However, SMB cyber attacks grew a staggering 60% in 2014, and the average cost to make infrastructure and security-related repairs for those breaches was almost $9,000 (excluding brand damage and other soft costs). Most don’t have cyber insurance in place to cover these losses, should the unexpected happen.
The expression “your reputation precedes you” rings especially true for SMBs. Consumers are wary of taking their business to a new, unproven company, and if you suffer a cyber attack, customer loyalty is sure to wane quickly. It is critical for SMBs to start prioritizing their cybersecurity efforts.
To better maintain the security of your SMB, consider the following five tips:
1. Use strong passwords and change them often
Passwords may seem like an obvious or even simplistic cybersecurity topic, but many SMB employees have weak or painfully obvious passwords. Passwords that are too short or contain personal information are easy to crack. Make sure your employees use passwords that are unique, long and complex, with both upper and lower case letters as well as symbols and numbers. Make sure they don’t include a favorite quotation or popular expression. Some people don’t change passwords for years, and often use the same password across multiple sites. This is not a good practice: your customer data needs extra protection, and having the right password policy in place is a crucial first step.
2. Implement two-factor authentication
Too often, SMBs rely solely on one layer of protection, such as Touch ID, which unlocks a device with a thumbprint. Two-factor authentication is a method of confirming a user’s identity by combining two different components, such as a thumbprint together with a password or a one-time SMS/text code. Relying on a single safety measure like Touch ID isn’t a good plan for SMBs looking to protect their data and the confidentiality of their customers. Two-factor authentication, while not an entirely bulletproof solution, has proven effective in providing additional cybersecurity.
3. Establish company-wide security policies
Despite all the known dangers of the online world, some employees will continue to download questionable applications or agree to pay $1,000 to some Nigerian prince. All it takes is one employee to click on one insecure link, and your server is no longer secure. Implement a company-wide awareness or training policy to keep employees informed of the latest scams and educate employees to not download information from emails they don’t recognize. Consider conducting some simulated drills. For example, send out a hoax email and see how many employees respond to it; this can help your employees become smarter about cyber threats.
4. Invest in cybersecurity solutions that fit your needs
One of the most important steps an SMB can take to protect its business is to have the right cybersecurity tools in place. Having the correct tools in place before an attack, or the threat of one, is crucial to preventing and preparing for the unexpected. There is a plethora of inexpensive yet robust tools available, and setting them up can help prevent a cyber attack.
5. Get the right cyber insurance
The loss of sales caused by cybercrime has been reported to cost SMBs nearly $21,000, about as much as it costs to start a small business in the first place. Cyber insurance can help lessen the financial blow of a cyber attack and help get your business back on track. If an employee's computer is infected with malware or a cyber criminal shuts down access to your server, for instance, a cyber insurance policy can help reclaim your holdings.
Some business insurance policies may include limited coverage against cyber attacks compared to a standalone cyber insurance policy. It is imperative to speak with a licensed insurance agent with cyber insurance experience to understand the proper type of coverage your specific business needs.
Large-scale cyber attacks, such as those seen in Experian’s or Ashley Madison’s cases, certainly garner the most media attention. However, the reality is that large companies have the infrastructure to contain most of these attacks. SMBs continually face the risk, and with less expertise and fewer resources, their path to recovery is debilitating. In fact, of all the SMBs that have been victims of cyber attacks, 93% have been negatively affected, with 60% closing within six months.
By following these simple guidelines, you’ll be better equipped to protect the business you worked so hard to build!
About Anita Sathe
Anita Sathe is the general manager of CyberPolicy. She has an actuarial background and is one of a select group to have a dual fellowship of the Casualty Actuarial Society & the Society of Actuaries.