Target, Home Depot, Sony, Anthem; most of us can name all of the big, national brands that have experienced cyber hacks and data breaches. Many of you may have been victims yourselves. “How does something like this happen?” I asked myself the very same question. Some argue there are hundreds, if not thousands of hackers attempting to infiltrate the Fortune 1000 type companies each and every day. That very well may be true, but possibly more alarming is the amount of hacks attempted each day on our small and medium sized businesses. Even scarier still, is how many times they are successful. The most scary of all? How many are successful and we never even know. The barriers fail, the thief escapes without anyone detecting the tracks, and nobody is the wiser. What they were able to get out the door is anyone’s guess.
My Business is Too Small and Off the Radar
According to Symantec, 43% of all Cyber Attacks are targeted towards small businesses. The most likely companies to be hacked by employee size? 251-500 employees. The next most likely? 1-250 employees. A company this size is 2x as likely to get hacked as a company with 2,501 or more employees. In a small business, 1 in every 184 emails is identifiable as “Malicious”. You are not definitely going to be successfully attacked, but it is almost guaranteed that someone will be attempting to attack your company.
Improving Your Odds
There probably is not much you can do to reduce your chances of being the target of an attack. The variable you can control is the likelihood your business will be a victim and to what degree. You can look at it in two distinct parts.
- What security measures am I taking to protect my company?
- What plan and solutions do I have in place should my security measures fail?
The first most likely requires you employing an outside person or firm who is proficient in data and cyber security. Not only can they provide software and hardware solutions, but they can perform pressure tests in order to gauge the vulnerability of your systems. Additionally, they can provide systems and training for your employees to help minimize the human elements that often lead to data breaches.
The second part of your planning requires recovery planning. How do I replace what I lost? This can be the replacement of equipment, money, and even goodwill in the community. First, you need to make sure you have the financial means to complete all of these steps. The easiest and most cost effective way is to transfer the majority of the risk to your insurance carrier via policies for Cyber Liability and Data Breach. If you have a policy that is more than a year or two old, it is probably outdated. The language and coverage in the insurance policy typically lags behind emerging risks and threats. Once you have the appropriate Cyber Liability and Data Breach policies in place, you should then have an actionable plan of how to utilize the funds to get your business back up and running to the level it was pre-attack.
Great, Now How Do I Develop & Implement These Safeguards?
You should start by contacting a reputable Cyber Security firm and/or a trusted Insurance Advisor that specializes in you industry, as well as Cyber Liability and Data Breach coverage. Each of these professionals should be able to quarterback the process and recommend other professionals that can provide ancillary services to assure your business is as protected and safe as possible.