By Joe Galvin
With the ever-expanding sophistication of hackers, it’s only a matter of time before a cyberattack infiltrates your company.
A cyberattack can be detrimental for a small business — and most can’t afford the financial hit from a data breach. Yet according to a recent Vistage survey of 1,377 CEOs, 62 percent of small business owners lack an updated or active cybersecurity strategy. In addition, 24 percent reported experiencing a cyberattack in the last 12 months.
From credit card numbers and protected health information to employee data and personally identifiable information, hackers can access your company’s assets to steal identities, take out loans, complete wire transfers and carry out other scams.
Devastating to your business and customers? Absolutely. Preventable? Thankfully, yes — and there are precautions you and your leadership team can take to prevent long-term damage to your reputation.
Before taking necessary steps to protect your company from an attack, it’s important to understand why hackers consider small businesses “soft targets” for data breaches and why mitigating that risk is a must for small and midsize businesses (SMBs).
Why Might I Be a Target? Top Threats
Many SMB leaders erroneously believe cyberattacks only impact large corporations, and so neglect to implement the proper infrastructure and train personnel to prevent data breaches. SMBs aren’t attractive targets for hackers just because they hold valuable assets; their more vulnerable infrastructure can also serve as a springboard for hacks of larger companies. For instance, in 2013 hackers carried out a cyberattack on Target by way of a small HVAC company based in Sharpsburg, Pa. — a partner in the retail giant’s supply chain.
SMBs are also major targets for ransomware, a type of attack that encrypts company data until a ransom is paid. SMBs frequently misstep by failing to use an off-site source or third-party service to back up their data. That’s why after a ransomware attack, small businesses almost always end up paying the hacker to decrypt their files.
Facing a Data Breach: Repercussions
The aftermath of a cyberattack can take several forms.
The most considerable threat hackers pose to SMBs is financial — and, according to Symantec, the average cost of a data breach totals about $188,242. A more severe breach can cause a total loss of data, extended periods of system downtime and financial losses upwards of $500,000. After lesser cyberattacks, a business might lose several hours of productivity and a few thousand dollars.
One real-life horror story: A hacker impersonated a CEO over both email and phone, convincing the company’s CFO to wire funds to an account over the holidays. The company lost $400,000 in fraudulent capital transfers.
Although nearly a quarter of the CEOs surveyed by Vistage indicated having experienced a cyberattack in the last year, many more incidents go unreported. This stems both from a fear of compromised credibility with customers and from the fact that it takes the typical U.S. company an average of 206 days to detect a breach, according to a recent Ponemon Institute study.
At worst, an entire organization’s existence is at stake during a data breach. A whopping 60 percent of hacked SMBs go out of business after just six months.
The Proactive Approach to Protect Your Business
Frantic damage control following a cyberattack — the “reactive” approach — never spells good news for SMBs. The following tactics will help ensure your company and customers stay safe in the event of an attempted breach.
- In assessing your risk of a cyberattack, identify your critical assets and understand where your data is housed. Who has access to the data?
- Take measures to protect your data. What defensive controls are in place, and which technologies? What pieces of technology are most critical, and which ones would require needless overspending?
- Develop a strategy to detect cyberattacks. Because most businesses usually do not receive a warning, how do you pinpoint an attack?
- Create a response plan for when you discover your assets have been compromised. This is one of the most common areas where SMBs crumble. What do you tell clients? How is the customer support team kept up to speed on new developments during a data breach? What other partners or vendors need to be notified, and when?
- Finally, the recovery stage begins. A “disaster recovery plan” for cyber assets must be in place before you can drive your business forward.
The exhaustive toll of a data breach far exceeds the efforts it takes to prevent one. CEOs should review this framework with the company’s internal and/or external IT professionals to best mitigate the risk of a cyberattack.
Download the Vistage report on Cyber threats and solutions for small and midsize businesses to learn more.
As chief research officer for Vistage, Joe Galvin is responsible for providing Vistage members with the most current, compelling and actionable thought leadership on the strategic issues of small and midsize businesses. Joe is an established thought leader and analyst who has researched and presented to business leaders around the world on customer management, world-class sales performance, and CRM and sales force automation technology.