By now, most business owners are aware that, regardless of your business size, no one is immune from the risk of a cyberbreach. Today's hackers are highly sophisticated and have the means to attack any target they choose.
While most small businesses don't live in blissful state of ignorance about the need for cybersecurity, many still haven't taken sufficient measures to guard themselves against hackers. A recent infographic by the National Cyber Security Alliance (NCSA) reported that 71 percent of security breaches target small businesses, and nearly half of all small businesses have been victims of cyberattacks. Perhaps most alarming of all is the fact that 60 percent of small businesses that suffer a breach go out of business after six months, according to Experian.
"Small businesses by their nature are more fragile than larger enterprises," said Michael Kaiser, executive director of the NCSA. "They likely haven't taken the time to develop a contingency plan or response plan in the case of a cybersecurity incident and when an event happens, they don't have what they need in place to recover."
A cybersecurity incident could lead to an entire network being down for many days until the full extent of the problem is known and then fixed, Kaiser said. A small business may not be able to withstand the loss of income, or have insurance that helps to defray those costs or any liabilities that might occur as a result of the breach. A highly public breach could also damage the business's brand and lead to long-term loss of income.
NCSA's research identified three major reasons hackers are so focused on small businesses: They are less equipped to handle an attack due to lack of resources; their partnerships with larger businesses provide back-channel access to a hacker's true targets; and the information hackers want — credit card credentials, intellectual property, personally identifiable information, etc. — is often less guarded on a small business system.
Having up-to-date security software and creating an emergency response plan for a data breach are good first steps toward keeping your company vigilant and ready for an attack. But Kaiser noted that one of the most important things you can do to protect your business in the long term is to create a culture of cybersecurity.
"Make sure employees understand the importance of cybersecurity in protecting their customers, colleagues, intellectual property and valuable business relationships," Kaiser told Business News Daily. "Have policies and practices in place about Internet security practices in the workplace around issues like the use of USB devices, social media and personal devices in the workplace. Have rules about password practices and acceptable websites to access from a business network."
Above all, understand what about your business needs to be protected and stay vigilant about the risks that could impact you, Kaiser said.
"Keep learning about who can best protect your business."