Seven months of 2019 have been and gone and already there are seven months of cyber-attacks to show for it. Facebook, Fortnight and First American have all seen massive data breaches within their ranks, big enough to suggest that new companies considering a name beginning with the letter ‘F’ might be more superstitious when making their final selection.
The paradoxical issue here is that the last few decades have seen technology become an increasingly integral aspect of the workplace with a host of business benefits. However, technology has become so synonymous with the internet (think IoT) that the risk of malicious cyber breaches just keeps getting bigger and bigger as you connect more and more devices to it.
Think about it, right now you’re casually relaxing in the work bathroom and reading this article on your mobile phone whilst you avoid doing work on your laptop. Did you know that the biggest threat in this scenario comes from your toilet? Yes, smart toilets are a thing because of course they are and any hacker worth their salt can send your flush into overdrive and leave you with a mess to clean up that hurts much more than a mere data spillage.
Listen I don’t know about you but when the bathroom is no longer my safe space, it’s time to take serious precautions. But how should you do it?
Step One: Heed the warning
Your goal is simple: protect your business and customer data – easy! But is it? Whilst we all know what needs to be done, only 14% of small business owners believe that their current setup will protect them against malicious intent. This is even more shocking when you consider that:
• 43 per cent of cyber-attacks target small business.
• 60 per cent of small companies go out of business within six months of a cyber-attack.
• 48 per cent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
These interesting stats from Smallbiztrends essentially say that the average small business owner is aware of the danger of being attacked but is in real danger if that danger ever becomes dangerous. Just in case you like sentences with actual meaning, what these stats indicate is that business owners seem to be acutely aware of the risk and consequences but are leaving themselves open to potentially going out of business by not having the necessary measures or experience in place to protect themselves. Which brings me to my next point…
Step Two: Get expert advice from an external source
Boffins at IBM Security recently worked out that the average worldwide cost of a data breach has risen 12 per cent over the past 5 years to £3m. They’ve also found that data breaches cost companies around £125 per lost or stolen record. All this means is that unless you are Amazon founder Jeff Bezos (who earns a whopping £150k per minute) then you need to take this seriously – and this means getting help from the outside.
We’re at a time where the technology encompassing cybersecurity and data is in a constant state of change and hackers are exploiting code faster than ever before. Now you may have a talent pool with more coding experience than Zuckerberg, Berners-Lee and that rogue nerd from Mr Robot combined, but if their sole focus is not on security then the result is always the same: vulnerability.
Research and partner with a cybersecurity professional that can be your eyes on the ground and first line of defence against malicious intent. Not only that, if you ever do get into a difficult situation with a breach, they’ll fend off have-a-go lawsuits by demonstrating you took adequate measures for security.
Step Three: The best form of attack is defence
Work with your provider to develop a cybersecurity policy and defence plan. Detail what measures you will take in the event of an attack and outline precise steps for employees to take to ensure client and company information is protected adequately. Raising cyber awareness is crucial to any plan too, think of it like a fire drill, when the alarm goes off, everyone needs to know their roles to maximise safety and minimise damage.
A typical plan should achieve the following:
• Secure your Internet connection
• Secure your devices and software
• Control access to your data and services
• Protect from viruses and other malware
• Keep your devices and software up to date
Putting and documenting your plan doesn’t just give you peace of mind, but also elevates your business reputation as you reassure current customers that you’re a safe company to work with, whilst attracting new sales with the promise that you have clear cyber securities measures in place.
Step Four: Get insured
Have you ever bought a new phone only to drop it down the toilet after a particularly rough drinking/hacking experience the very same week? These are the times when you need to have insurance in place – specifically cybersecurity insurance.
It’s worth noting that cybersecurity insurance is not the same as a cybersecurity plan and isn’t a simple fix for avoiding the rest of these steps. You still need to ensure you’re compliant and have policies in place to protect your business. A cybersecurity insurance policy will only payout if you can demonstrate you’ve been breached despite these taking these measures. In that way, it’s a good driver to keep on top of your policies as well as providing peace-of-mind from a financial point of view.
So, whilst an insurance plan won’t cover your loss in business reputation or data loss, it will help ease the financial burden and allow you to continue trading without fear of going out of business. As we learned earlier, 60% of businesses go out of business within the first 6 months of a cyber-attack and a lot of the time this is due to the financial impact it has on the bottom line.
Remember that cyber-attacks can happen to small and large businesses at any time and if you’re not careful you could find yourself in a difficult situation that can be avoided. Follow these steps and you’ll be able to go to the toilet in peace again.
Excell is currently providing a free vulnerability scan that provides you with a full security report and gap analysis, please contact us now at firstname.lastname@example.org to make sure you’ve covered.