$1 trillion! That’s a lot of money. And it’s a figure that’s increased by more than 50% since 2018.
In 2019, two-thirds of all organizations reported some type of incident relating to cyber-crime.
You could make a sure bet this figure rose significantly last year, thanks to criminals taking advantage of the pandemic.
It’s easy to look at big figures like these and not relate them back to your own business. But here’s the thing. The average cost of a data breach to a business is estimated to be around $500,000.
The most common types of crime are 1) ransomware, where your data is locked away until you pay a ransom fee.
And 2) phishing, where criminals pretend to be someone else to get you to click on a bad link. This is how they get access to critical systems.
That huge average breach figure includes:
• Any ransom demanded by criminals who lock your data and remove your access to it
• The cost of recovering your data and undoing the extensive damage done
• Putting in place additional ongoing security measures after the breach.
On top of the financial impact, there’s the reputational one.
Could you imagine picking up the phone to every single client to tell them your data about them had been accessed and stolen? And was probably for sale on the dark web?
What would happen if the local media or news blogs got hold of this and ran a story about it?
There are other consequences. 92% of businesses that are hacked say there’s an enormous impact on company performance.
Plus, they lose on average 9 hours of work time, per member of staff.
You must ask yourself very carefully: Could your business afford to be hit by a ransomware or phishing attack? The truth is that many small businesses really couldn’t.
So why do so few businesses have a plan in place to a) prevent and b) respond to cyber-crime?
It’s estimated that more than half of businesses don’t have a plan. Does yours?
If not, it’s time to do something about it. There’s been an explosion in the number of ransomware and phishing attacks over the past couple of years.
If you don’t have an effective plan in place to keep your business protected – and to minimize damage should the worst happen – you’re leaving yourself vulnerable.
Cyber-criminals are targeting all businesses all the time, using clever automated tools that sniff out vulnerabilities. So, it’s only a matter of time till your business’s defenses are tested.
Here’s our recommended five step plan to prepare for an attack, and protect your business.
Training, training, training
Believe it or not, your devices and software aren’t the weakest link in your defense. Your people are.
Your team’s awareness of the risks, and their mindset towards spotting risks and acting on them, can make a dramatic difference towards your chances of being affected.
Although they’d never knowingly do a thing to damage your business, all it takes is one click for them to bring you down.
One click. On one bad link. In one email. Phishing scams are getting more sophisticated every day, and they’re easy to fall for. You don’t have to be an 80-year-old email newbie to fall for a phishing scam these days. With some of the smartest social engineering, even the wariest person can be caught out.
Fortunately, with the right training, your team can be taught the tell-tale signs of a scam email, looking at:
• The email address it was sent from
• The language used
• The font and design of the email
• How to check if a link is safe before clicking on it
Back-up all data, all the time
We can’t stress this enough: if you don’t already have an automated daily back-up of your data every day that’s kept somewhere other than your business’s premises, arrange this today.
Keeping a copy of all your data in this way is your fall-back option. If anything ever goes wrong and your data is lost, corrupted, or held to ransom, you retain a copy of everything you need to keep your business functioning.
If you already have off-site back- up in place, well done. Now check that it’s working as it should be. This is a process known as verification, and it needs to be done every day.
You’d be surprised to learn how many people leave their back-up unchecked until they need it… only to find the back-up stopped working a few days earlier or the data was corrupted.
Use the tools available to you
There are a lot of tools out there to help keep your business safe and protected from cyber-criminals. Make use of them.
Some of the most used tools are:
• Password managers: These generate long random character passwords for new applications, then remember them so you don’t have to
• Multi-factor authentication: This is where you enter a code from another device to prove it’s really you logging in
• VPNs: A Virtual Private Network gives you a secure connection to your business when working remotely
• Encryption: This makes the content of your devices look like thousands of random characters to anyone without the encryption key. So, it’s only a minor inconvenience if you lose a device, not a major catastrophe.
PPP
Create a policy, protocol, and procedure in the event of a data breach. Sounds obvious, but this needs to be done before your business has a problem.
Your policy will set out how your business will deal with any form of data breach or cyber-attack.
Make your policy as detailed as possible, as it’s a guide for your company to reach the most desired outcome (in this case, minimal impact from an attack).
Include the things your people must do as a minimum to help keep the business safe, such as using a password manager and multi-factor authentication.
Every member of staff in your business should have a copy of this policy, ideally in your company handbook. Maybe you’d even get them to sign that they’ve read it and are committed to it.
That way, no one can plead ignorance if they’ve directly put your company at risk.
Your protocol is a written plan that contains the procedures your people must follow in the event of a cyber-attack.
Bring in the experts
If you’re not an IT expert, a lot of this can seem very time consuming and complicated.
We completely get that. However, you should understand that it’s very much a worthwhile investment of your time and energy.
If you feel it’s not something that you can do justice, it’s a smart idea to bring in the experts.
A great IT support provider – or IT support partner, in this case – should be more than willing to help you.
In fact, a great IT support partner will get it all done for you, without you having to prompt them. Honestly, the things we’ve talked about here are just the basics that you should be doing to cover yourself.
If you find you could do with some honest, expert help and advice, we’d love to be of service. Let’s talk – (734) 457-5000.