6 Affordable Cybersecurity Steps Every Small Business Should Take
Though the news dwells mostly on the big hacks and thefts like the recent one at HBO, a Verizon report found that over 60% of data breaches are carried out against small businesses with fewer than 100 employees.
And it costs them. Hiscox (read full report here) [link to: http://www.hiscox.com/shared-documents/cyber-readiness-report.pdf] determined that the lost revenue from a single cyberattack against small businesses adds up to an average of $41,000. For big companies, it was over $3.5 million.
For small businesses, like many that operate out of Columbus OH, these five and six figure potential losses can sink them.
And yet, many small business owners don’t believe cyber criminals will target them. While this is understandable in one sense, the truth is, most criminals want data more than immediate payoffs. And small businesses make easier targets precisely because they don’t spend as much on network and cybersecurity.
Now, big companies can afford to spend big money on teams of people, systems, data monitoring, certifications, recovery plans, legal defense, and so much more.
Small companies? Not so much. So how much money should your small business spend on network and cyber security?
A better question is – what can you afford to spend your hard-earned money on to make a measurable difference?
Here are six affordable network and cybersecurity steps even a business with fewer than five employees can take.
6 Network and Cybersecurity Strategies That Won’t Break Your Bank
1. Create an Employee ‘Network and Cybersecurity Policy’
This costs very little now, but can save you from big losses later. Why? Because one of your biggest threats is an internally caused cyberattack. These can be accidental (opening a malicious email attachment) or deliberate (angry employee selling data).
But having a written policy that your employees have signed and been educated on how to follow will go a long way toward making your case in a court of law if they break it. This is your best low-cost protection against internal cyber threats.
2. Invest in Employee Training
This pairs nicely with your policy. After you create a policy, conduct an employee training session on how to secure company data. Teach them about email phishing, how to safely use network-enabled devices they bring from home, and the major risks and threats coming against almost every business these days.
To increase your employees’ awareness and motivate them to be more cautious when it comes to cybersecurity, teach them how a cyberattack could cause the company to fail or have to shrink. Share real examples of companies that have gone under. By following your training and policy, they are preserving their own jobs too.
3. Use the FCC’s Cybersecurity Planner
The first two steps cost very little. This one costs nothing at all except some time. Take the FCC’s introductory network and cybersecurity planning course. [link to: https://www.fcc.gov/cyberplanner] It will recommend basic steps to improve your security.
4. Get a Vulnerability Assessment
If you don’t think the FCC will be helpful enough, a vulnerability assessment is your next best option. This one-time expense brings in a network and cybersecurity expert to evaluate your systems, identify weak points, and give you specific ways to fix them.
It will be up to you to implement their suggestions, but now you’ll have an action plan.
5. Buy Cybersecurity Insurance
Yes, this is for real. Insurance companies are starting to offer this. Some of them require you to have certain measures in place. Some may even require a vulnerability assessment. But insurance is a great way to protect your business as it will cover both, internal and external, sides: idea because it protects you on two fronts:
• Your own costs from an attack will be reimbursed – it can save your business
• Covers legal costs against you if any customers or vendors sue you
The nice thing about insurance is it’s a fixed cost. For small businesses, that means it’s manageable, unlike the volcanic costs of an unanticipated cyberattack.
6. Get Managed IT Security Services
Another fixed cost, managed IT services are a way to outsource your cybersecurity management to a third party. This helps you respond immediately to an attack – the biggest concern of small businesses. A managed IT service also continually monitors and updates your software and other system vulnerabilities.
These six network and cybersecurity strategies are doable for just about any business. And the last two can be scaled up as your business grows.
So how much should you spend on your network security?
Take a reasonable percentage of the size of your business, and start there. You can compute your size by number of employees, total salary payouts, total revenue, expected revenue for a set time period or project, or some other way that fits your business model.
And if you’re in a higher risk business that uses a lot of sensitive customer data, you should increase your budget a bit. Typical big companies spend 5-15% of their information technology budgets on security.
Whatever you do – get started now. Regardless of your industry, your business is at risk; so, get started now. If 60% of businesses get attacked every year, it’s going to happen to you at some point. Be ready.