Websites hacked. Corporate data leaked. Identities stolen. The threats are real and growing. Seventy-five percent of all organizations have experienced a data/cyber security breach in the past 12 months.
Take a small online retailer in the Midwest. It seemed like just another ordinary day when one of the company’s employees received an email with a link to a seemingly benign catalogue. Little did the company know that the simple click of an email link was about to threaten their entire business. After the employee clicked on the link, the system was infected with CryptoWall. The malware affected the company’s accounting software and customer account files, including credit card numbers, social security numbers, customer names and addresses, among other information.
The accounting software and customer files did not live on the employee’s computer; they lived on the company’s network drive. That meant the malware was able to encrypt over 15,000 accounting and customer files. Soon a ransom demand followed. The cybercriminals demanded $50,000 to provide the decryption key for the files. With the virus proving impossible to remove without the loss of crucial company data, the company had no choice but to pay up. Unfortunately, the company’s backup systems had not been working for months, so it had no recourse for restoring its files.
After the ransom was paid, the cybercriminals gave the decryption key to the retailer. But when the company attempted to decrypt the files, the decryption key didn’t work. The company came to a standstill. The owner could not afford to pay to rebuild the network systems. The lack of sales and cashflows strangled the business. Six months later the company closed its doors. This small business learned about cybercrime the hard way.
The U.S. National Cyber Security Alliance found that 60% of small companies are unable to sustain their businesses over six months after a cybercrime attack. The financial burden and reputational issues of having your customers’ data compromised mean you could go broke after just one attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000. For middle market companies, the cost is over $1 million.
Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies, or even presidential candidates.
Small and mid-sized businesses are hit by 62% of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate. They steal information to rob bank accounts via wire transfers, steal customers’ personal identity information, file for fraudulent tax refunds, and commit health insurance or Medicare fraud.
So what can you do besides pray and hope you’re not next?
- Remember, most cyber breaches happen because an employee does something that he or she isn’t supposed to do. They share a password or open something they shouldn’t have. Basic training can stop a majority of low-level threats. But coaching your employees on data protection is not enough. Business owners must establish data security protocols that every employee takes seriously.
- Create a business continuity and incident response plan that you can put into effect immediately once you know your systems have been compromised.
- Keep security software current. Having the latest security software, web browser, and operating systems is the best defense against viruses, malware, and other online threats.
- Links in emails, tweets, posts, and online advertising are often how cybercriminals try to steal information. Even if you know the source, if something looks suspicious, delete it.
- Protect all devices that connect to the Internet. Smartphones, tablets, and other web-enabled devices need to be protected from viruses and malware in the same way as laptop and desktop computers.
- Plug-and-scan USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
- Small and medium businesses should consider cyber insurance. While premiums continue to rise, the cost of the insurance is small in comparison to the cost your business will pay for the necessary experts and consultants to restore your systems, or worse yet, the costs of going out of business altogether.
- Don’t delegate cybercrime prevention solely to your IT department and tell them “get on with it.” Embed these practices across all areas of your business.
Finally, consider encrypting your most sensitive files. Encrypting data is the process of converting data into a form in which it is unintelligible to any person without access to a key/password to decrypt the data.
Two forms of encryption that exist currently are hardware-based encryption and software-based encryption. Hardware encryption and decryption processes are executed by a dedicated processor on the hardware encrypted device. In software encryption, the resources of the device on which the software is installed are used for the encryption and decryption process of the data.
Robert Fleming, founder and president of Black Square Technologies, a Denver-based manufacturer of the Enigma hardware encryption device, states that “hardware encryption is much faster than software encryption” as well as more secure. With hardware encryption, “Even if a company is hacked, and the bad guys capture your files, they cannot open any files that are encrypted,” says Fleming.
Today, small business owners have to assume they will be victims of cybercriminals. Cybercrime is now the world’s largest business, running in the trillions of dollars. So far the bad guys are winning. Business owners have to do more than hope and pray that their businesses won’t be next.