Do small businesses need to protect themselves from hackers?
Who needs to worry about cybersecurity threats?
We've all read about recent cyber attacks, in which hackers have broken into computer systems of large companies like Target, Yahoo and JPMorgan Chase, stealing banking, personal and credit card information. Even U.S. government agencies have been attacked, including the U.S. Office of Personnel Management, when information related to security background checks of million of federal employees was stolen in 2015.
Even small and medium-sized companies are vulnerable to cyberattacks and hackers.
Roughly 43 percent of reported hacks in 2015 were directed at companies with fewer than 100 employees, and that threat is only growing, according to Symantec.
While many large companies have cybersecurity strategies, they're not guaranteed immunity from attacks. However, as big businesses build digital fortresses, making it more challenging for hackers to infiltrate, it seems reasonable to assume cyber terrorism will turn to smaller organizations, with easier targets and valuable data. And the worst part is, many small and medium-sized companies haven't addressed their risks yet.
Think about how dependent your organization is on its computerized systems. You use computers to store customer, employee and vendor information, financial records, banking information and intellectual property. You may also rely on a company website or mobile application to complete business transactions.
Preventing hackers from breaking into your servers does not have to be prohibitively expensive; there are some relatively easy and inexpensive steps you can take to make it harder for the bad guys to break in.
When a company has been hacked, it takes, on average more than 200 days to discover the breach. The costs can include:
- Technical investigation of a breach
- Notification of customers
- Post-breach customer protection
- Response to government investigations
- Possible lawsuits or other negative action from customers and vendors
- System improvements
- Increase in insurance premiums
- Lost business, including revenue and customer relationships
- Harm to reputation
- Cost to rebuild systems or recover data
There are a number of steps any company can take to reduce the risk of cyberattacks and lower the liability, such as:
- Identifying what data you have and assessing your legal risks
- Knowing the various cyber threats that your company might face
- Creating a written cybersecurity policy
- Training your employees on what to watch out for, as they are often your highest risk
- Taking some simple steps to protect your system, including use of firewalls, software updates, and having sound processes and procedures
- Reviewing your vendor agreements to determine possible risks from third parties
How serious is the problem?
In 2016, with the support of Colorado's governor, the National Cybersecurity Center commenced operations in Colorado Springs. A nonprofit, the Center maintains the mission to work with the private sector, government agencies and the military on cybersecurity issues, while educating the public on the growing threat.
At last October's Colorado Technology Association Summit, Ed Rios, CEO of the NCC noted that there are 10,000 job openings in cybersecurity in Colorado alone.
Many local companies looking to hire employees in cyber will target their services at large organizations, government agencies and military, but small and mid-sized businesses need protecting, as well.
The National Cyber Security Alliance, a nonprofit-public partnership, reported that 60 percent of small or mid-sized companies that discover they have been hacked go out of business within six months because they don't take further steps to prevent attacks or weren't prepare to respond. While this may sound surprising, it's important to be proactive and take reasonable, cost-effective steps to ensure that this doesn't happen to you.