Is your small business prepared for a cyber attack? Here’s why it should be.
A cyber attack on a small business can be devastating. In fact, 60 percent of small companies are unable to sustain their businesses more than six months after a cyber attack, according to the U.S. National Cyber Security Alliance.
Small businesses that run e-commerce sites have even more security concerns because of the personal and financial information they collect.
“The threats increase when a small business operates an e-commerce component to their website as they collect more sensitive information from customers,” says NFIB member Mark Densmore, president of Densmore Insurance Strategies Inc., an insurance agency in Bondurant, Iowa. “A business may be collecting personal identifiable information, personal confidential information, and in some cases personal health information. There are specific laws, fines, and penalties that can be imposed if you or even one of your vendors has a cyber incident. You can ultimately be held financially responsible for the fallout costs.”
For example, the Payment Card Industry Data Security Standard may require that a merchant that is even suspected of having a data breach undergo a forensic examination to determine whether an actual breach occurred and, if so, to what extent. Depending in the size of the business, average costs range between $10,000 to more than $100,000.
And according to NFIB member Joshua Boyd, president and CEO of Computer Pros, an IT firm based in Nashville, Tennessee, cyber attacks on small businesses are only increasing.
“We are seeing a massive rise in phishing attempts,” he says. “These are attempts to obtain user credentials for popular websites, like Dropbox.com, Google, Microsoft Office365, banking sites, and more. The hackers send emails that look very convincing and get end-users to sign into a fake website, which then provides the hackers with their credentials.”
So what can small business owners do to protect their data, their customers, and themselves? According to Boyd and Densmore, business owners can start with these three steps.
RELATED: Cybersecurity Resources for Your Small Business
1. Use An External Security Auditor
Before implementing any meaningful changes, it’s important to pinpoint the most vulnerable sections of your current security protocol. Boyd recommends hiring an external company to conduct security audits. In addition to security audits, most IT service providers will also do a vulnerability scan and ensure that your business is adhering to the best IT practices.
2. Train Employees Regularly
According to a report by Kaspersky Lab, 33 percent of incidents affecting infrastructure hosted by a third party were caused by phishing or other social engineering techniques such as baiting, scareware, or spear phishing. For businesses that experienced a breach, the top three types of data stolen included customer identities, payment information, and user authentication credentials, and on average, a data breach costs small business owners $206,000.
Training your employees on an ongoing basis can help them become familiar with known threats and recognize new threats. This is essential to minimizing the greatest cyber exposures businesses have, says Densmore. Cyber liability coverage can also include business income that can keep you afloat until you are back up and running again, he adds.
3. Create a Cyber Liability Insurance Plan
For business owners operating solely online, it’s crucial to ask how much it would cost if your website went down for an hour, a day, a week, or even a month.
In the event of a cyber attack, cyber liability insurance will cover expenses such as credit monitoring for affected customers, lost revenue, crisis and reputation management, customer notification, and investigation of the attack.
The cost of a cyber liability insurance plan depends on your industry, the size of your business, and how comprehensive you want your plan.
According to Fit Small Business, while the cost of cyber liability insurance depends on your industry, the size of your business, and how comprehensive you want your plan, annual premiums for small business owners can range anywhere from $1,000 to $7,500.
“Cyber liability coverage can include business income that can keep you afloat until you are back up and running again,” says Densmore.