In our October 2022 “Office Hour with SKC”, Sarah Krom was joined by Cynthia Hetherington, founder and president of Hetherington Group, to discuss what can be done about data breaches and how small businesses can protect themselves from a cyberattack. Below are the top three takeaways from their discussion.
1. The Risk to Small Business is Real
We have certainly heard the headlines about Uber and Crypto and Microsoft all getting hacked. As small business owners, we may have the misconception that we’re not actually going to be victims because our data is insignificant. But nothing could be further from the truth – small businesses are just as likely to be targets of data breaches and cyberattacks as large businesses.
Smaller companies often face greater challenges recovering from breaches, with potentially insurmountable financial impact. In 2020, the average ransomware payment was just under $100,000 – and by 2021 it was up to $125,000. Fewer than 25% of small businesses that experience a cyberattack actually report it. They are unsure of who to call, what the process is, whether it’s worth reporting, etc.
Regardless of the size or industry of the business, there is data being stored that hackers want. At the very least, small businesses keep employee records and individual data, as well as personal customer contact data, such as addresses, phone numbers, email addresses, etc. It’s not a matter of if you have it, it’s how much you have.
2. Cyber Insurance is Important
If you are a small business that carries cyber insurance, you know that the application process has become more complex over the last several years. And the premiums for these policies are not inexpensive.
Cyber insurance is a valuable component in a larger risk management strategy that includes technology as well as training, education, and testing. Although there are varying opinions, cyber insurance policies do pay claims for ransomware, network interruptions, data breaches, and related liability based on your policy specifics. It is imperative to work closely with your insurance professionals on this to ensure you have the appropriate coverage for your business.
3. Ways to Minimize Risk
“If you have locks on your doors, you better have locks on your networking and your information systems.”
- Prioritize IT in your organization. Whether this is an in-house IT team or an outsourced IT company, make sure best practices are being implemented and followed.
- Have an “emergency contact” list visible and readily available so your staff knows who to call if a breach happens.
- Have your compliance systems in place so you know you are operating at the most secure level possible.
- Involve your employees. They are your greatest asset but, potentially, your greatest vulnerability. Connect with a company that can provide training through webinars, lectures and videos.
- Consult with an outside firm that’s practical and specialized in penetration testing to help you find employees who may be missing the mark. It’s not a personal affront; it’s a training exercise and will help everyone be more vigilant the next time they click on a link.