The holiday shopping season is in full swing at stores across the country.
And as small businesses keep selling, they're becoming increasingly more vulnerable to cyber criminals. Sophisticated hackers recognize that most small businesses — 79% by our research — don't have a cyber security plan, even though almost two-thirds of small businesses have been victims of cyber security crimes.
In late September, the U.S. Securities and Exchange Commission issued a warning about the cyber security challenges facing small- and medium-size businesses, which accounted for 60% of cyber security incidents in the past year, up from 48% the prior year. The reason for the upswing: Cyber thieves know that large enterprises are hiring cyber security experts and are getting harder to hack, so they're targeting more-vulnerable small businesses with weaker security and point-of-sale terminals.
New Nationwide research finds that 63% of small-business owners admit they have been victims of at least one of the following: computer virus (44%), phishing (30%), Trojan horse (22%), hacking (16%), data breach (11%), issues because of unpatched software (10%), unauthorized access to customer information (9%) and unauthorized access to company information (8%). Still, 40% of survey respondents don't think they will suffer such an attack.
The price of an attack
What many small-business owners don't realize is the cost of a cyber security incident.
The price for dealing with these types of crimes has skyrocketed to $20,752 per attack, up from $8,699 two years ago, according to the National Small Business Association. It also takes longer than most small-business owners think to recover from a cyber breach. In fact, 53% of those surveyed who hadn't yet been affected by an attack believe the recovery will take less than a month. It can, however, require a year or more.
Jane LeClair, chief operating officer of the National Cybersecurity Institute at Excelsior College in Washington, D.C., testified before a Congressional committee earlier this year that "often, small businesses don't even know they have been attacked until it is too late." She estimated that 60% of small businesses that fall victim to a serious cyber attack go out of business.
Related: Do you know these 9 hacking terms?
While cyber security poses a serious threat, small businesses can get help from their local agent.
As trusted advisers, agents can assess a company's cyber security risk and help the owner create a plan through education, evaluation and planning. This can include employee training and software updates or more complex endeavors such as incident road maps and "what if" breach notification modeling.
What you can do
Here are four other tips, based on information from U.S. government sites, to help ensure that this holiday shopping season is a time for business growth — not cybersecurity repair.
-
Limit physical access: Guard your physical perimeter to prevent cyber criminals from accessing sensitive data and your computer network. Know who has access to your data and network, reduce that number if necessary, and understand what's being shared and what hardware is leaving the building, such as laptops and USB sticks.
-
Train your employees: Educate your team, because employees are your company's first line of defense against cyber criminals. Discuss and test commonly used social media tactics, such as fraudulent computer offers and links, with employees. Carefully select online computing services, because information you share can be compromised by their systems. Set social network profiles to private and check security settings. Be mindful of what information you post online.
-
Strengthen passwords, secure Wi-Fi and run anti-virus software: Use stronger passwords of eight to 10 characters that include letters, numbers and special characters. Change those passwords regularly. Carefully evaluate the feasibility of encrypting your most sensitive data, making a backup and storing it in a fireproof safe or off site, and using a dedicated computer for all sensitive information. Secure your Wi-Fi networks to prevent hackers from accessing your servers. Install and regularly update spyware, anti-virus and anti-malware software. Activate your computer network firewall to block connections used to hack into your system and deliver viruses, and set employee-permission levels for downloads.
-
Grasp your potential for liability: Plan for the worst with cyber insurance to cover losses in case of a breach or fraud.
For facts, tips and resources on creating a cyber security plan, small-business owners and their insurance agents can visit Nationwide's cyber security website.
Mark Berven is president and chief operating officer of Nationwide Property & Casualty. For more information about Mark, please visit his author page.
Have you Liked us on Facebook?
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.