Cyber-attacks against businesses and incidents that compromise their e-mail systems are on the rise again. They are threatening organizations of all sizes — and may target yours.
Small businesses are particularly vulnerable to these types of attacks, as the cyber criminals know that they typically have less sophisticated networks and protection. Accenture reported that nearly 43% of cyber-attacks are on small businesses, yet only 14% of these firms are prepared for attacks.
Considering that the cost of a cyber-attack on a small business can range from minor (less than $1,000) to enormous (more than $650,000), it’s important that your firm put safeguards in place to avoid having operations hampered or private data exposed by hackers.
The cost of cyber-attacks is substantial:
- 50% of attacks are made against small businesses.
- 60% of those small businesses that fall victim to cyber-attacks don’t survive after the attack without cyber insurance.
Attack methods keep changing
Cyber criminals are using more sophisticated methods to go after companies. Here are the new threats that employers must contend with:
- Encryptionless extortion attacks — These differ from traditional ransomware attacks, in which the criminals seize control of systems and refuse to release them until they receive ransom payments. In an encryptionless attack, they steal an organization’s data and hold it for ransom.
- Pretexting attacks — Also known as “social engineering,” in these attacks someone poses as a person known to an employee within the targeted organization. They know enough information to appear convincing. They request that the recipient perform a routine transaction, such as changing a bank account number for a vendor. The new bank account belongs to the attacker, not the vendor, and the money is gone before the truth is discovered.
What you can do
You can thwart the criminals by:
- Educating your employees — Regularly update your staff on new security protocols. The more your employees know about cyber-attacks and how to protect your data, the safer your business will be. Send out regular reminders not to open attachments or click on links in e-mails from people they don’t know or expect.
- Implementing safe-password practices — Have employees use complicated passwords and change them every 60 to 90 days.
- Using robust security platforms and protocols — This includes installing web application firewalls and using secure payment gateways if you accept credit cards online. Your website hosting company should regularly patch security vulnerabilities, and you should ensure that all computers have antivirus software installed.
- Regularly backing up all data — That includes databases, financial files, human resources files, and accounts receivable and payable files.
Cyber insurance
Even with these protections in place, companies still can suffer an attack. If it’s a ransomware attack, your systems may be unusable until the ransom is paid.
Your IT department is not a substitute for cyber insurance; it helps minimize an attack. IT is not going to pay the costs you incur to recover, but cyber insurance will.
Cyber insurance can help pay for the associated costs, including:
- Recovering or replacing lost or stolen data
- Investigating the incident
- Notifying regulators and customers of a breach
- Income lost due to a breach
- Extortion payments
- Legal damages
- Lawsuit and regulatory action defense
- Fines, fees or penalties (coverage not available in all states)
- Crisis and public relations management
Call us to see what policies are available to organizations like yours, what they cover and how affordable they are.