If you’re a small business, you make up 99 percent of all the businesses in the world. It may seem like your size would make you a smaller cyber target. But, you’re actually more likely to be a target than a large enterprise. In fact, Verizon reported in its 2018 Data Breach Report that 58 percent of the victims were small businesses.
Why? According to Jody Westby, CEO of Global Cyber Risk, “It is the data that makes a business attractive, not the size — especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.”
In addition to underestimating the value of their data, small businesses are unlikely to invest in protecting it, creating the perfect storm of vulnerability. Consider these statistics collected by Small Business Trends:
Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
60 percent of small companies go out of business within six months following a cyber attack.
48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
Small businesses are most concerned about the security of customer data.
While many small businesses are concerned about cyber attacks (58 percent), more than half (51 percent) are not allocating any budget to risk mitigation. When asked why, a popular response was that they, “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
- 68 percent store email addresses;
- 64 percent store phone numbers; and
- 54 percent store billing addresses.
Small businesses reported that only:
- 38 percent regularly upgrade software solutions;
- 31 percent monitor business credit reports; and
- 22 percent encrypt databases.
Don’t let these statistics overwhelm you. There are resources available, many of them free, that you can implement to shore up your cyber defenses. Here are some steps you can take to strengthen your security posture:
Identify the data you want to protect – think about those assets that would appeal to criminals – and make a commitment to build your security plan around it.
Assess your vulnerabilities. There are free resources to do this online, including this tool that allows you to do just that. This is a critical step in developing your cybersecurity plan.
Build a security plan based upon basic cyber hygiene principles and practices. Basic steps can go a long way toward preventing attacks or security incidents. A great place to start is the Center for Internet Security Control’s (CIS), which will guide you through 20 global industry best practices developed and maintained by cybersecurity experts and endorsed by leading IT security vendors and governing bodies. CIS claims that adopting only the first five on the list can reduce the risk of a cyber attack by 85 percent. The guidance is free and includes:
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software
- Continuous Vulnerability Assessment and Remediation
- Controlled Use of Administrative Privileges
Designate a central person whose job is focused on security. As a small business, you’re used to employees wearing multiple hats. Even if they’re not able to make it a full-time priority, having someone dedicated to looking out for your cybersecurity needs goes a long way.
Mastercard and the Global Cyber Alliance, a nonprofit organization dedicated to eradicating cyber risk, offers a free small business cyber toolkit that arms small business owners with basic security controls and guidance. It offers free assessment tools, tips, resources and guides to improve your company’s cybersecurity readiness and response.
Acknowledging your assets and vulnerability is the first step in enhancing your security. You can find many other general helpful cybersecurity resources for businesses on our website. We also invite you to follow us on LinkedIn or Twitter to take advantage of our tips and tools.
Written by: Sarah Nicholas
Sarah is the Director of Communications for Serendipity Communications. She lives in Plainwell, Michigan with her husband, daughters and stepson, with twin stepdaughters nearby. She is passionate about cyber safety education for children and enjoys ballet dancing, reading and volunteering at her children’s school.
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual. Ameris Bank does not endorse nor is affiliated with the companies listed in this article.