Two-thirds of small business owners don’t worry about cyber-attacks. And, honestly, that number is ridiculously high. According to CNBC, “Cyberattacks now cost small companies $200,000 on average.” A $200,000 cost would bankrupt many small businesses. So, why aren’t we acting?
Few Small Businesses Perceive Cyber-Attacks as Threats
Two-thirds of small businesses think that they are at risk of a cyber-attack. Fewer than 10% of small businesses think a cyber-attack is very likely. 60% of us don’t have a cyber-attack prevention plan. In fact, fewer than 10% of small businesses rank cybersecurity as a top priority, and nearly double that share feel it’s their lowest priority.
Our Complacency Makes Us a Big Target
Nearly 4 in 10 attacks are targeted at small businesses. Some estimates put the number attacked in the past year at 67%. It makes us very vulnerable to a very costly expense. The sad truth is you may not have the chance to act if one happens to you. Few small businesses can absorb a hit of $200K and stay alive. In fact, 6 of 10 small businesses go out of business within six months after a cyber-attack.
Why Don’t We Act?
- We underestimate the risk, and we think we have bigger fish to fry
- Few of us know what to do
- We think it only happens to big companies. We’re too small, too unknown, etc.
- Password protection isn’t enough
What Can We Do?
While password security isn’t all you need to do, it is the first step. Why, you may ask? Because 81% of data breaches are caused by weak or stolen passwords.
Steps for creating and maintaining passwords
- Create a password policy – strong passwords with a requirement to change them frequently (60 – 90 days)
- Train your employees on the password policy
- Audit your password policy
The next step is to determine which data are the most sensitive to least sensitive. This simple classification can be helpful.
Data security levels – sample case
- Red – the highest level of sensitivity – employee SSNs, client credit card information, financial data, etc.
- Yellow – business plans, marketing plans, client proposals, contracts, etc. (could be red depending on their importance to your business)
- Green – publicly available information
Once you have classified your data, you need a storage policy. One possible approach is the following. Red-level data need to be on servers with limited access both internally and externally. This usually means stored locally. Yellow-level data can be stored in strongly protected cloud resources, such as Microsoft SharePoint or Shared Drive. Green-level information can be stored on shared servers.
Finally, you should consider purchasing cyber-insurance. This will help protect you financially in case of a breach. You can get much more complex, but with at least these simple steps, you can reduce your risk significantly.