Since big companies such as Target, with nearly 2,000 stores in the U.S., and Equifax, with more than $3 billion annual revenue, are targeted by cybercriminals, one might think small businesses would be considered small potatoes.
Unfortunately, small businesses also are targeted with depressing frequency.
According to the Congressional Small Business Committee, 71 percent of cyberattacks are directed at businesses with fewer than 100 employees.
What’s more, the 2016 small and medium-sized business cybersecurity report from Ponemon and Keeper Security noted that 50 percent of small businesses had a security breach during the previous year.
It isn’t because cybercriminals are ill-informed or unambitious. While cyberattacks on big companies can generate vast quantities of valuable data, these companies typically are well-defended.
Although small to medium-sized businesses are less valuable targets, their information technology systems are easier to penetrate.
The following are guidelines small businesses can follow to strengthen their defense against cybercrime:
CYBERSECURITY STARTS AT THE WORKPLACE
Company insiders are responsible for 60 percent of cyberattacks, according to IBM. Who is an insider? Anyone who possesses credentials enabling physical or remote access to a company’s digital assets.
The solution? Start by awarding credentials for access to sensitive digital assets only to those who have earned your complete confidence. If an employee or contractor is fired or chooses to leave your firm, quickly block access to digital assets.
An employee or contractor who copies digital assets onto a portable drive can do as much damage as a hacker who infiltrates your IT system remotely. As a result, stringent physical security is the starting point for effective cybersecurity.
Individuals perpetrating ransomware can only succeed in restricting access to your company’s computer system with the help of employees and contractors. Curb these efforts to hold your company hostage by following these rules of thumb:
Train contractors and personnel to recognize bogus emails and advertisements.
Stay current on all IT protection systems, including anti-virus software.
Do not click on unknown emails or attachments.
Do not connect unprotected personal devices such as flash drives to company IT systems.
WI-FI HOTSPOTS ARE DANGEROUS
Since 95 percent of Wi-Fi traffic is unencrypted, employees and contractors should use caution before accessing your company IT system via a hotspot at a Starbucks, Panera, train station, hotel or other public space. All digital assets will become vulnerable if the hacker deviously working at the next table or across the lobby penetrates your corporate server.
A few ways to manage this risk:
Nothing is for nothing, including any network labeled “Free Wi-Fi.” Don’t accept this particular form of charity.
Before logging in, make sure each website is using “HTTP secure” (HTTPS).
Use a virtual private network before logging into a company network.
Do not access personal financial accounts via a Wi-Fi hotspot. In fact, anytime a user name and password are required to gain access to a website, put the time to better use by getting up to order another cup of coffee.
ACCEPT THAT YOU PROBABLY WILL BE ATTACKED
It has been said it isn’t a matter of whether or not a cyber intruder will victimize a company, but when.
To best defend against such an event, prepare an action plan in advance.
BUY CYBER INSURANCE
According to UPS Capital, a cyberattack costs a small business $84,000 to $148,000. What’s more, 60 percent of small businesses go out of business within six months of an attack.
While the first wall of defense against cyber-risk is a comprehensive data security plan, no amount of preparation can fully protect a firm from a breach. This cyber-risk must be transferred to insurance.
Because of potential limitations of standard liability coverage when dealing with the evolving cyber environment, work with your broker to transfer your cyber-risk to cyber insurance products.
Based in Warrington, Kirk Salmon is a sales and relationship manager concentrating on the Lehigh Valley at KMRD Partners Inc., a risk and human capital management consulting and insurance brokerage firm with three offices in southeastern Pennsylvania. He can be reached at firstname.lastname@example.org.