Cybersecurity is a major concern in our inter-connected world. NH SBDC is taking small, vetted steps to provide NH small businesses with information on the topic. Thank you to Anthony Perkins, Eric Langland, and Daniel Kelly McCue, Bernstein Shur, for contributing this article series.
The frequency of cyber attacks on small and medium sized businesses (SMBs) is increasing. From 2017 to 2018, in a survey of SMBs with 100 to 1,000 employees, the percentage of SMBs that experienced a cyber attack increased from 61% to 67%. Of those companies that reported an incident, the average spending was $1.43 million in the aftermath of an attack. In addition to attack-related expenses, the disruption to normal operations cost an average of $1.56 million.
While the larger enterprises skew these expense figures upwards, according to the 2018 Verizon Data Breach Investigations Report, 58% of cyber attack victims were small businesses with fewer than 250 employees. These expenditures help frame the discussion when considering what preventative steps to take. So what can be done?
1. Begin with a risk assessment of the company’s information security practices.
2. After assessing potential risks, implement the new security controls.
3. Take a look at the company’s cloud computing practices.
4. Take steps to make cybersecurity a part of the business’ regular risk-management procedures.
The end goal is to try and make cybersecurity awareness part of the firm’s culture. One way to do this is to review systems and procedures regularly and incorporate tests to improve security. A good practice is to dispose of programs or physical devices that are no longer needed. If the company experiences a cyber attack, remove any ongoing threats and then conduct a post-breach review, including compliance with any relevant breach notification laws.
5. Consider cyber insurance coverage.
In general, cyber insurance policies will protect against the loss or damage of electronic data. With the increase in cyber attacks in recent years, these policies are becoming more popular. Not only do they help to mitigate financial risk, but they also provide an ally who is familiar with the company if a breach does occur. Without a cyber insurance provider already in place before an attack, a firm will be left to deal with security companies who must analyze the situation based upon their first impression.
Bernstein Shur has developed a checklist with these steps outlined that you can download. Reducing a Small Business’ Potential Cybersecurity Risks Checklist
Cybersecurity image thanks to https://pixabay.com/users/thedigitalartist-202249/