High-profile cyber attacks on large companies have raised awareness of the growing threat of cybercrime. Recent surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab and the National Cybersecurity Alliance suggest that many small business owners are still operating under a false sense of cybersecurity.
The statistics of these studies are grim; the vast majority of U.S. small businesses lack a formal internet security policy for employees, and only about half have even rudimentary cybersecurity measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker-proof, and nearly 40% do not have their data backed up in more than one location.
Why is Small Business Cybersecurity Important?
Despite significant cyber security exposures, 85% of small business owners believe their company is safe from hackers, viruses, malware or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks.
In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 43% of attacks are against organizations with fewer than 250 employees.
Outside sources like hackers aren’t the only way your company can be attacked—often, smaller companies have a family-like atmosphere and put too much trust in their employees. This can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.
Cyberattacks Could Destroy Your Business
As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners.
According to a recent study by the Ponemon Institute, the average annual cost of cyber attacks for small and medium-sized businesses is over $2 million. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60% of small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.
Common Threats to Small Business Cybersecurity
Cyberattacks are evolving and the threats are becoming more adaptive and intelligent. Small and large business owners should be aware and informed on the eattacks that they could face. To learn more about these threats, contact an Acrisure Agency Partner today.
- Malware: A software that disrupts a computer, server, client or network to gain unauthorized access to private information.
- Viruses: A computer program that can duplicate itself and spread from computer to other devices to corrupt and cause significant damage such as erasing everything on a hard drive.
- Ransomware: A type of malware that threatens to utilize victims private data unless a ransom is paid.
- Spyware: A software with malicious behavior that gathers private information to share with another entity that harms the user.
- Phishing: A type of social engineering that sends a fraudulent message that may look reputable to trick the victim into revealing sensitive or private information.
10 Ways Small Businesses Can Prevent Cyber Attacks
Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to the costly cyber attacks above:
- Train employees in cybersecurity principles.
- Install, use and regularly update antivirus and antispyware software on every computer used in your business.
- Use a firewall for your internet connection.
- Download and install software updates for your operating systems and applications as they become available.
- Make backup copies of important business data and information.
- Control physical access to your computers and network components.
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
- Require individual user accounts for each employee.
- Limit employee access to data and information, and limit authority to install software.
- Regularly change passwords and enable multi-factor authentication.
In addition to these listed tips, the Federal Communications Commission (FCC) provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
Get Small Business Cybersecurity Advice
A data breach could cripple your small business, costing you thousands or millions of dollars in lost sales and/or damages. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyber attacks. Contact an Acrisure Agency Partner for additional small business cybersecurity risk management guidance and insurance solutions.
For additional information, please visit our website at Acrisure.com. Products or services identified herein may not be available in all jurisdictions. The information and descriptions contained herein (a) are not necessarily intended to be complete descriptions of all applicable terms, conditions, and exclusions of the policies referenced, (b) are provided solely for general informational purposes, and (c) should not be viewed as a substitute for legal, regulatory, or other advice on any particular issue or for any particular reason. The advice of a professional should always be obtained before purchasing any insurance product or service, and you should not rely on the information provided herein for the prevention or mitigation of risks or as a full and complete explanation of coverage under any insurance policy. While the information contained herein has been compiled from sources believed to be reliable, no warranty, guarantee, or representation, either expressed or implied, is made as to the correctness or sufficiency of any representation contained herein.
This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2012, 2014 Zywave, Inc. All rights reserved.