You may not realize that America’s small businesses are frequently the targets of cyber crime. However, the realities of the small business sector reveal why these hard-working enterprises are so attractive to online thieves:
- There are a lot of them. Small businesses, those that employ 500 workers or fewer, make up over 99 percent of all American companies;
- They generate more than 60 percent of new private-sector jobs, and
- They are 98 percent of the country’s exporters.
Small enterprise contributes more than 50 percent of the country’s non-farm gross domestic product, and all that productivity is exactly why cyber criminals target these entities – they generate a lot of money.
Cyber Attacks on Small Companies are Increasing
According to a 2016 report by Symantec, cyber criminals targeted one in 40 small enterprises in 2015, totaling 43 percent of all reported cyber crimes. That figure contrasts starkly with the 2011 figure of only 18 percent. In 2013, the average "direct" cost of a small business cyber attack (damages to victims, costs to repair, etc.) was $9,000, which doesn’t include "soft" costs such as brand damage and lost customers.
Most small businesses don’t prepare for an attack because they think they are too small to be attractive. However, a single breach of customer information can fatally damage a company’s reputation and put it out of business. A 2012 National Cyber Security Alliance study indicated that, of the small or medium-sized businesses that suffered an attack in 2011, 60 percent went out of business within six months.
Protect Your Enterprise
So how do you protect your thriving small company from cyber attacks? Experts recommend educating yourself and your employees about what the threats look like and how to handle them if or when they occur.
Know What You’re Looking For
There are several types of cyber crimes. These examples are popular:
A preferred tactic is "phishing," or sending emails laden with malware to the inboxes of trusting employees. The emails are masked as product inquiries, support concerns, or sales offers; staff open them and unleash a worm or virus that attacks the company’s hard drives and databanks. Sometimes the malware isn’t detected for days, weeks or months, allowing the thieves to track and steal customer data or proprietary account information.
Unsolicited junk email (spam) is also a frequent cyber threat. Unlike phishing attempts, spam looks like trash but might still be attractive to a curious worker. These emails can also contain malware that can take down your business. (Note: sometimes a company’s marketing material might inadvertently look like spam. The CAN-SPAM Act of 2003, a cyber crime law, provides guidelines to follow so your advertising information doesn’t mislead your potential consumers.)
This insidious software allows hackers to monitor what you and your employees are doing online. It enters your system through emails, downloads or even links found on credible sites. These hackers spy into your customer database and vendor files, stealing passwords, bank account details and other private information.
Educating Employees about Cyber Security
Your well-trained workforce is your strongest defense against cyber criminals. Every employee should be properly trained on both what threats look like and the proper procedures to maintain appropriate security practices:
Keep Their Machines Clean
Work computers are for work duties only. Employees who routinely keep personal information on their office machine, or who use their work computers for private business, are creating a risk of a cyber attack on their employer.
Avoid Suspicious Entries
Email, links, social media alerts and other online opportunities have all been used to carry out a cyber attack. Unless there’s a reason to trust the sender, delete the message without opening it.
Engage Healthy Security Practices
Your company has firewalls and antivirus programs installed, but they only work if your staff uses them. Strong passwords on each machine eliminate the possibility of improper entry, and using a different password for each machine and each account limits any unauthorized access to the single machine or account that was breached.
Implementing a company-wide cyber security plan and training your staff well will provide a strong defense against online criminals.
Managing a Hack
Statistics indicate that the odds of your small business getting hacked are going up. Part of your cyber security plan should also include what to do if the hack occurs.
The Department of Homeland Security and the FBI have websites where you can report the attack on your enterprise. Do this first.
Contain the Event
Sometimes, hacks affect a single computer or corporate department. Unplug all electronic devices in the network and have each thoroughly scanned and cleaned. Be sure to include spyware and spam filters in that process. Run tests on all other hardware and software to eliminate any opportunity for the malware to resurface.
Inform Your Consumers
Cybersecurity laws require you to inform your customers if their personal information may have been or was stolen from your corporate databases. Getting that information to them as quickly as possible lets them take steps to reduce their damages. Note: if you have more than 500 customers affected, many states require you to file a report with the Attorney General’s office.
Cyber insurance is quickly becoming a normal part of the cost of doing business. Your current insurance carrier may have policies available that will get you covered immediately.
Cyber crimes are a part of doing business in today’s global economy. Smart business owners plan for that possibility by ensuring their enterprise has adequate cyber security systems, a well-trained staff and a plan to manage the damage if it happens.