By Jim Herrin, Director, Salt Lake Region
Small Business Development Center
Unfortunately this statement is a fact and the odds of it happening to your company are growing very rapidly. You may have think it only happens to others, but a cybersecurity breach is no longer a question of “if”, but of “when”. As one cyber security expert told me recently, “There are two types of companies; those that have been breached and those that don’t know they’ve been breached.” Here are a few statistics that should cause you shock and deep concern for your company:
- According to the U.S. Small Business Administration, 90% of small businesses fail within two years of a major data loss incident.
- Companies that cannot resume operations due to lost data within 10 days filed bankruptcy.
- Cyber security breaches are the second most common cause of data loss.
- In 2015, 43% of all spearpfishing attacks were targeted at small businesses. This is up from 34% in 2014 and only 18% in 2011 (Symantec, 2016).
- 96% of all business workstations are not being backed-up (Actifile, 2016).
- Average cost per major breach in legal fees is $690,000 – and only 25% of companies in 2014 maintained a cyber insurance policy (Travelers/NetDiligence, 2016).
If you are not too concerned about it, you are in good company. The chart below indicates that the vast majority of small business owners/decision makers are not very worried about their company’s cybersecurity threats.
Small businesses are particularly vulnerable to cyber breaches because they do not have the resources of larger companies, including personnel to maintain their IT systems. This is also why they are being targeted at high rate each year. Nevertheless, there are things a small business can do to reduce the risk and damage caused by cyber breaches. Tips that the U.S. Department for Homeland Security recommends for small business include (https://www.dhs.gov/sites/default/files/publications/Small-Business-Tip-Card_04.07.pdf):
- Make sure all of your organization’s computers are equipped with antivirus software and antispyware. This software should be updated regularly.
- Secure your Internet connection by using a firewall, encrypt information, and hide your Wi- Fi network.
- Establish security practices and policies to protect sensitive information.
- Educate employees about cyber threats and how to protect your organization’s data. Hold employees accountable to the Internet security policies and procedures.
- Require employees to use strong passwords and to change them often.
- Invest in data loss protection software, use encryption technologies to protect data in transit, and use two-factor authentication where possible.
- Protect all pages on your public-facing websites, not just the checkout and sign-up pages.
In an effort to provide the Salt Lake area’s small business owners some guidance, training and tools for implementing better cybersecurity in their company, the Salt Lake Area Small Business Development Center and SLCC Miller Business Resource Center are bringing in a very experienced expert to give a workshop on this subject and let you know how you can establish excellent cyber security for very little cost. This workshop will be held on Tuesday, December 13, 2016, from 9:00 am to 12:00 pm. We will be sending out details and how to register within the next two week.
Although we hear about mega cyber breaches from time to time, the major corporations that experience these do not go bankrupt. However, there is a much greater risk that your small business will. If you’ve been operating against the odds until now, you must secure your company before it’s too late. It’s not an “if” any longer.