Small businesses lack resources for security
According to the 2016 Verizon Data Breach Investigation Report, 51% of all cyber attacks were targeted at small businesses. By 2017, that number had jumped to over 61%. What we’ve been seeing is a clear shift in focus with hackers targeting small businesses over enterprise business. While enterprise-level businesses can invest millions in security, the majority of small businesses do not have a dedicated IT team, think they are protected by their vendors and, as a result, are ripe targets. Cybercriminals are increasingly using ransomware attacks and the consequences can be devastating to small businesses. Some basic security measures you should take to protect your business include:
- Update all systems and browsers when new updates come out
- Require employees to add passcodes to their phones if they use any public wifi networks
- Add multi-factor authentication to your access points
- Install anti-virus software if you haven’t already
- Shred all documents containing sensitive information
The true cost of a data breach
You may be thinking, “I don’t store a lot of customer information, so a breach wouldn’t cost me that much.” Wrong. You are legally required to report a breach and notify your customers of every record of theirs that has been compromised, and though it can vary across industries, the average cost per breached record is $141. And that all adds up. According to UPS Capital, the average cyber breach costs a small business owner between $84,000 - $148,000. Not exactly pennies we’re talking about here. Even more alarming is the rate at which small businesses go out of business after a breach. Over 60% of small businesses fold within six months of a data breach. When something as simple as an employee opening a phishing email can doom the business you’ve worked so hard to create, the cybersecurity stakes are sky-high.
Security measures only take you so far
Speaking of phishing emails… most businesses don’t realize that their greatest vulnerability is not weak security measures, but their own employees. Numbers vary across studies, but nearly all show that over 50% of data breaches are caused by human error, with the most common being an employee clicking on a compromised link in an email. As you’re reading this, think back to a time when you clicked on an email from an unknown source. Was it yesterday? This morning? It happens all the time, and sometimes that’s all it takes. Scary, right?
Invest in a backup plan: Cyber liability insurance
“It’s not a matter of if, but when,” is a fear that is becoming more common to small business owners. As small business owners hear about similar companies being hacked, they are adding a layer of protection in the form of insurance. Cyber liability insurance covers the financial costs of a cyber attack, including the costs of stopping the breach, replacing lost or damaged data, analyzing your systems, identifying and fixing vulnerabilities, adding new security layers, notifying customers, dealing with any PR fallout, and legal fees if you face lawsuits or fines. Cyber liability insurance is highly customizable, with limits generally starting at $500,000+, with $1M in coverage usually costing $1,000 or less. In a world where over 60% of all attacks are targeted at small businesses, it is a small price to pay to know your business is protected in the case of a breach.
This article contains general legal information and does not contain legal advice. Rocket Lawyer is not a law firm or a substitute for an attorney or law firm. The law is complex and changes often. For legal advice, please ask a lawyer.