Small- and medium-sized businesses are increasingly vulnerable to cybersecurity attacks and need to take steps to protect their assets, says Jennifer McDonald, Senior Product Development Analyst at United Fire Group (UFG Insurance).
Unfortunately, many of these companies fail to see the threat. It could be that they don’t think they have anything a hacker would want. Or it might be difficult to believe that such a crime could occur in their business.
“No one is immune,” McDonald says. “Just as you do disaster planning to prepare for a fire in your building or a tornado or some other physical damage, you need to think about your data and what you’re doing to make sure it’s secure. You also need to educate your employees and reduce the risk that they could inadvertently allow a hacker into your system.”
The methods hackers use to attack continue to evolve.
“We’re starting to see crossover from cybercrime to incidents where a hacker can cause real world property damage,” she says. “You need to be educated about what’s going on in the world of cybercrime.”
Smart Business spoke with McDonald about what you can do to reduce your risk of becoming a cybercrime victim.
What is the cost to your business when a cyberattack occurs?
The cost of a cyberattack comes in the form of time and money, as well as damage to your reputation.
There will often be forensic analysis that needs to be done on your machines, depending on the scope of the breach. You need to see how the breach occurred, what computers were compromised and where the virus is now. These are all things that can take significant time.
In terms of money, the average cost per compromised record in a cyberattack is a minimum of $154, according to Traverse City, Michigan-based Ponemon Institute. Verizon Business estimates the overall average cost of a data breach at anywhere from $36,000 to $50,000.
There is also the damage to your reputation and the time it takes to restore credibility with your customers after a breach has occurred that may have exposed confidential information.
What is the government doing to protect against cybercrime?
There is no legislation in the U.S. to assist cybercrime victims. The best option for companies is to work with a firm that specializes in cybersecurity breaches.
Part of the problem is that a lot of these attacks come from overseas from countries that are doing little to stop the hackers. In some cases, the governments in these countries may not even want to take on hackers out of fear that they could be targeted next.
How can a company protect itself?
The best tools to protect against cybercrime, in addition to a strong cyberinsurance policy, are awareness and preparation. You need to know what’s going on and where your company may be vulnerable to an attack.
Work with your insurance agent and cyber insurance company to address these weak spots and to develop best practices to reduce your risk.
Do you back up your data? Do you use passwords to protect your systems and do you change those passwords on a regular basis? Do you have a policy for when an employee is terminated to prevent an employee who left on bad terms from hacking into your system?
Smaller businesses may not be able to afford a full-time person to monitor these tasks, but there are a number of resources from free online quizzes to consulting firms that can assist you in protecting your business.
How valuable is employee training?
It’s critical that you educate employees to know the actions that could make it easier for an attack to occur.
Some companies embed photos with all internal emails so that if you get an internal email without a photo, you know something is wrong. You can also do mock viruses. Send an email to employees that include a suspicious-looking link and track how employees respond.
Place flash drives around the office and see who picks them up and tries to use them. Work with your team to ensure everyone understands the best practices to preventing an attack. ●
Insights Insurance is brought to you by United Fire Group (UFG Insurance)