Small businesses lack resources for security
Ask any cybersecurity expert, and they can tell you that most hackers target small businesses. What we’ve been seeing is a clear shift in focus with hackers targeting small to medium sized businesses over large enterprise business. While enterprise-level businesses can invest millions in security, the majority of small businesses do not have dedicated security or IT teams. Your Online Terms and Conditions may be helpful for legitimate customers, but typically mean nothing to a hacker.
Many small businesses think they are protected by their vendors and, as a result, are ripe targets. Cybercriminals are increasingly using ransomware attacks and the consequences can be devastating to small businesses. Some basic security measures you can take to protect your business include:
- Updating all systems and browsers when new updates come out.
- Requiring employees to add passcodes to their phones and devices if they use any public wifi networks.
- Adding multi-factor authentication to your access points.
- Installing anti-virus software if you haven’t already.
- Shredding all documents containing sensitive information.
You may want to consider learning about more ways to protect your business if you collect any sort of sensitive information from clients or customers.
The true cost of a data breach
You may be thinking, “I don’t store a lot of customer information, so a breach wouldn’t cost me that much.” Wrong. You are legally required to report a breach and notify your customers that have had their information compromised. Although it can vary across industries, the average cost per breached record is around $140. And that can add up quickly. The average cyber breach can cost a small business owner several thousand to several hundred thousand dollars, depending on how much information was stolen. Even more alarming is the rate at which small businesses go out of business after a breach. Over half of small businesses close within six months of a data breach.
When something as simple as an employee opening a phishing email can doom the business you’ve worked so hard to build, the cybersecurity stakes are sky-high. Training yourself and your employees on your Internet Policy, Social Media Policy, and generally how to avoid giving hackers the keys to the castle is one of the most critical steps to protecting your business from hackers.
Security measures only take you so far
Most businesses don’t realize that their greatest vulnerability is not weak security measures, but their own employees. While having an Information Security Policy is critical, good training is just as essential. Numbers vary across studies, but nearly all show that a majority of data breaches are caused by human error, with the most common being an employee clicking on a compromised link in an email. As you’re reading this, think back to a time when you clicked on an email from an unknown source. Was it yesterday? This morning? It happens all the time, and sometimes that’s all it takes. Scary, right?
There are steps you can take to safeguard your business, but it does require some work, and often some investment in technology. Simply learning about the current best practices, however, can go a long way.
Invest in a backup plan: Cyber liability insurance
“It’s not a matter of if, but when,” is a fear that is becoming more common to small business owners. As small business owners hear about similar companies being hacked, many decide to add a layer of protection in the form of insurance.
Cyber liability insurance covers the financial costs of a hack, including the costs of stopping the breach, replacing lost or damaged data, analyzing your systems, identifying and fixing vulnerabilities, adding new security layers, notifying customers, dealing with any PR fallout, and legal fees if you face lawsuits or fines. Cyber liability insurance is highly customizable, with limits generally starting at $500,000+, with $1M in coverage usually costing $1,000 or less. In a world where a majority of all attacks are targeted at small businesses, following best practices and carrying insurance as well may be a small price to pay to know your business is protected in the case of a breach.
If you have more questions about what you can do, legally, to protect your business in case of a hack, reach out to a Rocket Lawyer network attorney for affordable legal advice.
This article contains general legal information and does not contain legal advice. Rocket Lawyer is not a law firm or a substitute for an attorney or law firm. The law is complex and changes often. For legal advice, please ask a lawyer.
