I want to start by asking you a simple question…What is your most significant threat to your business?
Would you be surprised if I say that poor cybersecurity, not competitors, and not the Coronavirus may be the biggest threat to small to medium enterprises and start-ups?
Let me relate to you a story or two…
Wood Ranch Medical in California suffered a ransomware attack in 2019 that not only encrypted regular data such as patient medical records but their backups as well. After determining they had no way to recover the data or rebuild their patients’ medical records, the facility announced that it would permanently close its doors.
This is not the first practice that has been forced to shut down as a result of a ransomware attack, and it is unlikely to be the last. Earlier this year, Brookside ENT and Hearing Centre in Battle Creek, similarly experienced a ransomware attack that permanently encrypted patient records. Its owners took the decision to close the business and take early retirement rather than rebuild the practice from scratch.
A study by the NSW Small Business Commissioner in Australia found that approximately 66% of small-business owners report feeling well-informed about cybersecurity risks.
The report went on to say that More than 85% of Australian SME owners believing that they’re safe from cyberattacks because they’ve installed antivirus software.
This overconfidence, in conjunction with spending less on establishing cyber resiliency practices in place, is weakness hackers can easily identify and exploit.
Unfortunately, many small businesses don’t think about cybersecurity until after a security breach. Not having the necessary cybersecurity practices can cost your business money, time and result in lost sensitive information.
Cyberattacks are the new normal for small business. Media reports may focus on corporate mega breaches, but small businesses are the new frontier for cybercriminals.
A recent Verizon data breach report said small businesses are the target of 43% of cyber-attacks.
The average loss per attack averages more than $200,000. Even worse, one report suggests that 60% of small businesses fold within six months of a successful cyberattack.
Why is cybercrime a big problem?
There are a few significant reasons small businesses are particularly vulnerable to cybercrime activities:
They can’t afford dedicated cybersecurity staff. Good cybersecurity people are expensive, and they instead focus on solving problems for the medium to the large enterprise than small businesses. Hence, cybersecurity falls onto some person that has basic IT knowledge.
Inadequate or non-existent computer and network security. Small businesses don’t have the capital to invest in sophisticated defence technologies to prevent cyberattacks.
Lack of a backup plan. Many small businesses don’t have a proper functional backup system. And it never gets tested.
Employees unknowingly help cybercriminals attack businesses. Staff members just don’t take time to acquire the necessary cyber awareness and good cyber hygiene to prevent cyber threats from affecting their business since they are swamped and have other priorities.
Small businesses are comparatively easy to attack. Hackers can find entry points to access valuable customer financial data more readily because of the absence of protection.
What’s at risk for a small-to-medium-sized business?
Operational Impact: Loss of productivity and the costs of external assistance
Personal Impact: Cost of counselling; Cost of hiring; Cost of replacing; Cost of training
Physical Impact: Cost of repairing damaged goods; Cost of replacing goods; Cost of borrowing goods
Legal Impact: Cost of penalties associated with contract, regulation & legal breaches. Cost of court cases
Reputation Impact: Loss of revenue; Cost of PR & Media; Cost of Communications
Financial Impact: Cost of losses of money stolen; Cost of business value depreciation
What Can You Do About It?
More than ever, sensitive data, intellectual property and personal information of small and medium-sized firms are targeted by an ever increasing and sophisticated community of cybercriminals.
With this in mind, common sense dictates business owners remain on their toes and mindful that they are one step away from being a potential cyber victim.
Cybercrime continues to be a force to be reckoned with. You may be thinking that the only kind of cybercrime you need to be concerned with is hackers getting their hands on your financial information…I wish it were that simple. There is a lot more to consider beyond just financial information. Cybercrime is an evolving area, with new dangers emerging.
Instead, it is a good idea to be armed with the right knowledge so that you can recognise cybercrime when you see it.