Cyber Security and Your Small Business

High-profile cyber attacks on companies such as Target and Sears have raised awareness of the growing threat of cyber crime. Recent surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab and the National Cybersecurity Alliance suggest that many small business owners are still operating under a false sense of cyber security.

The statistics of these studies are grim; the vast majority of U.S. small businesses lack a formal internet security policy for employees, and only about half have even rudimentary cyber security measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker proof, and nearly 40% do not have their data backed up in more than one location.

Don’t Equate Small with Safe

Despite significant cyber security exposures, 85% of small business owners believe their company is safe from hackers, viruses, malware or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks.

In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 43% of attacks are against organizations with fewer than 250 employees.

Outside sources like hackers aren’t the only way your company can be attacked—often, smaller companies have a family-like atmosphere and put too much trust in their employees. This trust can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.

Attacks Could Destroy Your Business

As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners.

According to a recent study by the Ponemon Institute, the average annual cost of cyber attacks for small and medium-sized businesses is over $2 million. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60% of small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.

The Cost of a Small Business Cyber Attack

The staggering cost of a cyber crime often shuts a small business down. As an article in Security Magazine recently shared, “The average cost of recovery from SMB data breaches is $36,000 and can even lead to a loss of $50,000.” Sometimes this number is even higher if the breached data gets into the wrong hands.

A recent particularly bad example in our area occurred when a local teenager hacked a small business and stole social security numbers and bank account data from customer accounts. The teen sold this information to an online company that used the data to create false identities for criminal use.

This small business incurred customer notification and credit monitoring costs, legal expenses, and damages from potential lawsuits resulting in more than $500,000 in damages.

Some damages and costs are not monetary. Often a breach causes considerable damage to your brand and business reputation as well. Many of your customers may terminate your services or no longer frequent your business after an attack. In addition, payment card companies may no longer want to work with you to provide customer card services.

The Most Common Types of Cyber Attack Claims

Aside from educating yourself on the security threats out there and taking steps to fortify your business, one of the best things you can do to protect yourself is to get cyber liability insurance. By getting the right cyber attack insurance policy, your small business receives a sense of security in case of an attack. The following are some of the most common types of cyber liability policy claims:

• Stolen laptops or computers
• Rogue employee that steals data or equipment
• Spyware virus
• Dumpster Diving data breach
• Data theft extortion
• Improper equipment disposal leading to breach
• Reputation harm and public relations costs due to a breach

10 Ways to Prevent Cyber Attacks

Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack:

1. Train employees in cyber security principles.
2. Install, use and regularly update antivirus and antispyware software on every computer used in your business.
3. Use a firewall for your internet connection.
4. Download and install software updates for your operating systems and applications as they become available.
5. Make backup copies of important business data and information.
6. Control physical access to your computers and network components.
7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
8. Require individual user accounts for each employee.
9. Limit employee access to data and information, and limit authority to install software.
10. Regularly change passwords.

In addition to the listed tips, the Federal Communications Commission (FCC) provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. It can be found at www.fcc.gov/cyberplanner.