Cybersecurity is a big issue these days. I don’t think I have to tell you that. It is in the headlines almost every day. One huge aspect of cybersecurity is that hackers are going after companies and trying to defraud them all the time. They do this through ransomware, stealing sensitive company data, social engineering, phishing attacks or a combination of these techniques. And they do this for one reason – it is profitable.
Here is a statistic that you are probably not aware of – 71% of data breaches occur in small and medium-sized businesses. SMB data breaches typically don’t make headlines, but the results can be disastrous. A 2012 National Cyber Security Alliance study states that 60% of small businesses go out of business within 6 months of a data breach. Obviously, we want to prevent anything like this happening to your firm. So how can we stop this? The common thread in the vast majority of attacks points to the weakest link in your IT network... your employees. According to a 2014 IBM study, 95% of breaches are caused by human error.
*Verizon 2013 Data Breach Investigation Study
Common SMB issue:
Most employees in your non-technical line of business are not cybersecurity minded. Many still click on phishing scam e-mails. CryptoLocker and other malicious viruses wreak havoc on a network. Employees lose laptops, or laptops are stolen, and data is exposed. This leads to PCs being replaced and money lost. Employees need to be trained on a regular cycle about the dangers of phishing scams, wi-fi dangers, physical security of mobile devices, and other critical matters when it comes to information security. These are not necessarily the employee's fault. Many times the business lacks the correct policies to keep the staff informed.
“I didn’t know that I wasn’t supposed to send Credit Cards via email.” “My employees know that they shouldn’t do that.” Sound familiar? It may be because there are no set security policies for your office. Companies need a set of information technology processes for things like BYOD, employee termination, and personally identifiable information. They also need formally written policies for network, physical, and administrative security. This keeps everyone on the same page and minimizes risk.
SMBs typically underestimate how much data they have that is sensitive. “We are small, who would want our data?” “We don’t have that much data that we need to be concerned.” “We have a firewall and anti-virus, we have security covered.” Have your IT champion or managed service provider perform a security risk assessment and produce a data liability report. This helps you understand your cybersecurity risk exposure and determine your liability per device.
We have concluded that the best way to minimize the “human impact” mentioned above is through IT security training. A breach preparedness plan and security policies are invaluable to a business's future success. These policies and procedures should be audited with a security risk assessment. Consider having a cybersecurity professional take a look at your plan and network.