We’ve all seen the news reports of huge corporations being targeted by cyber-criminals, but what about the smaller guys? The fact is, for a number of reasons, many small to mid-sized businesses don’t really consider cyber security much of a priority. Some feel it’s just not in the budget, while others mistakenly believe that they don’t possess enough data of value to make them worth targeting. To the contrary, as one security expert pointed out, these are the very reasons some hackers prey on these lesser known companies in the first place.
Still not convinced that you need to worry about your cyber safety? Here are four compelling stats that might just change your mind.
20 percent of small to mid-sized businesses today do not have any cyber security strategy in place whatsoever. This is a pretty big deal, especially considering that 60 percent of small businesses that fall victim to a successful security breach will ultimately go out of business within just six months’ time. Of those that do have an IT security plan in place, 35 percent say it’s handled by the business owner. This is likely due to budgetary and staffing reasons, but noteworthy nonetheless.
Another eye-opening statistic is that nearly half of all small to mid-sized businesses admit that they do not provide any kind of cyber security training or education to their employees. We’ve said it many times before, but it’s worth repeating: cyber security is everybody’s responsibility. This is especially true in smaller organizations upon which a successful breach could have a much more devastating impact.
The third surprising stat is that business owners and managers listed sensitive customer data being stolen or compromised as their #1 biggest cyber security concern. Their second biggest concern is dealing with a system failure or internet outage. Things like ransomware and other similar malware programs are designed to specifically target these vulnerabilities, holding data and critical systems hostage and extorting business owners out of hefty ransom fees.
Finally, but equally important, almost half of all small to mid-sized companies do not have any type of formal cyber crisis response and recovery plan in place. The reality is, it’s virtually impossible to prevent every attack from ever occurring, even if you have the best defense strategy in place. Having a plan for how to address and remediate any successful attacks is critical to getting critical systems back up and running, mitigating damages and keeping the business afloat.
So now that you’ve got a better idea of where most small to mid-sized businesses stand on the topic of cyber security, how can you protect your company from becoming the next victim?
Use technology to your advantage. There are affordable network monitoring programs that can help identify potential threats. Additionally, employing automated technology to the incident response strategy helps alleviate the staffing shortage and budgetary restraint issues, as the tool can be ready to respond and remediate cyber-attacks at a moment’s notice, 24/7/365. Best of all, many of these tools and programs are designed to suit any budget – even small to mid-sized ones.
Additionally, all employees should be properly trained on how to spot potential dangers, what they should do in the event of an attack and who they should notify for assistance. Educating employees on things like social engineering plots and phishing scams, which have the potential to cause significant damage in the event that they are successful.