How to Protect Your Business from Cyber Threats in Today’s Economy
As we look at today’s reimagined economy, there are two major issues businesses need to be aware of: cyber threats and COVID-19 realities. Cyber threats continue to impact businesses and the economy. And in today’s working world, companies should prepare for data security and privacy issues that may result from an increased reliance on remote work.
Businesses of all sizes face cyber-attacks and data breaches. Unfortunately, there’s a 60% chance that a small business (one with less than 500 employees) will shutter within six months of a major cyberattack. These closures are often due to:
-
- Lack of cash available to recover
- No insurance to rely on
- Loss of goodwill with clients
- Loss of business to competitors
- Loss of information that cannot be recreated
The impact can be devastating and certainly something businesses need to guard themselves against.
These attacks stem from three major causes. All can cause significant cost to your data and competitive advantage:
-
- 52% are malicious attacks, in which bad actors—either within the company or outside of it—attempt to damage a business’s computer network through hacking or criminal activity.
- 23% are caused by human error
- 25% are caused by computer glitches
And there are two major types of malicious attacks. They’re getting more sophisticated, which means you need to be ready to change your policies and plans, especially when you're not operating in the same office on a daily basis.
-
- Phishing attacks: Criminals use social media and companies’ own websites to collect information and craft deceptive emails that encourage readers to divulge personal information, such as credit card numbers or passwords. Only 3% of employees typically report phishing emails, and yet 85% of companies reported at least one phishing attempt in 2020.
- Malware and ransomware: Criminals get employees to download a software (often via a simple link) that is specifically designed to disrupt, damage or gain unauthorized access to a company’s system. In the case of ransomware, a company cannot regain access until they pay a sum of money. This is the most common strategy among cybercriminals today. Each attack costs a company about $133,000, regardless of the company’s size and if it was running virus protection. Many companies lose control of their databases for about seven days when struck.
In today’s economy, Companies need to take concrete steps toward mitigation, detection and prevention. What does this look like?
-
- Budgeting: Business owners and leaders should consider the cost associated with data breaches when creating budgets. An average data breach costs about $3.9 million for a medium-sized publicly traded company. This goes toward things like forensics, legal costs, IT or security consultants and more. An attack can also result in an average 5% dip in share prices.
- Procedures and policies: It’s important to have an up-to-date cyber incident response plan in place. In today’s marketplace, only about 25% of companies do not have a plan in place—a drastic drop from about 72% three years ago. A strong plan designates who will communicate with clients, law enforcement, shareholders, employees, vendors and others when a system is down and how that communication will take place.
Many small businesses may not be able to hire a consultant to create or advise on these types of policies. The National Institute of Standards and Technology offers clear and concise guidelines and best practices for how to implement a cyber incident response plan with small businesses in mind.
-
- Cyber insurance: Business leaders should also consider working with a cyber insurance partner or broker. Many of these professionals will work with you before a breach and test your company’s security. Cyber insurers also often have panels of investigators, notification services, call centers and credit monitors that can help your company navigate or prepare for a breach. Premiums and add-ons can become expensive for smaller businesses, but, at a minimum, it’s a good idea to have coverage for out-of-pocket expenses relating to cyberattacks.
Contact Walt Green or any member of Phelps’ Cybersecurity, Privacy and Data Protection team if you have questions or need compliance advice and guidance.