43% of all cyber attacks are targeted at small businesses, 60% of small companies go out of business within six months of an attack, and only 14% of small companies rate their ability to mitigate cyber risks and attacks as “highly effective.”
When was the last time you reviewed the security policies within your business? What sort of systems does your company have in place, and are they carefully enforced? Did you know that weak passwords cause more than half of all data breaches? Yet only 24% of SMEs have strict password policies in place, and of those that do, 65% of companies say they don’t actively enforce them. Your security policies need to be reviewed every few months to make sure they’re comprehensive and enforceable.
You should also be on the lookout for new strategies and technologies that you can put in place to shore up vulnerable areas of the business. Several highly advanced techniques can now help to keep your business secure and help to make sure that no one is abusing your systems, meaning that your customers are protected too. According to ‘2018 Identity Fraud: Fraud Enters a New Era of Complexity’ from Javelin Strategy & Research, there were 16.7 million victims of identity fraud in 2017, a record high that followed a previous record the year before, and criminals are engaging in complex identity fraud schemes that are leaving record numbers of victims in their wake. The amount stolen hit $16.8 billion in 2017 as 30% of U.S. consumers were notified of a data breach, an increase of 12% from 2016. However, there are now advanced technologies available which utilize the power of AI to protect identities and protect people and businesses from online fraud.
Just as people regularly practise fire drills, you should do the same in case of a cybersecurity attack. During a cybersecurity drill, you should look at response timing on multiple levels: see how quickly individuals and teams respond and either thwart or mitigate a cyber attack, and also how fast you are able to give customers the most current and accurate information.
Cyber liability insurance helps to mitigate the costs of an attack and is usually available both as a standalone policy and as an add-on to a business owner’s system. You can have first-party and third-party insurance: first-party coverage helps you to cover expenses when your network is hacked or your data is stolen, and third-party coverage offers protection when a customer or partner sues you for allowing a data breach to happen.
If you are the victim of an attack, you need to take everything offline as soon as possible: if someone has managed to access your data, you need to limit the amount of information they can get.
It is essential that you can quickly assess and block the entry point, as you might be able to act quickly enough to stop any data from being taken. But you still need to check everything to ensure that nothing is lost.
Whether you have a large company or a small business, stealing or attempting to take someone’s data is a severe offence, so the authorities need to be informed immediately to commence an investigation. You will have to make all your systems and data available to the authorities, so they can see where any entry has occurred and hopefully trace it back to the perpetrator.
Informing your customers is essential, and you will need to prepare a statement that outlines what has happened and any potential data that has been lost. If you are not sure what data has been lost, or what details it may contain, your customers need to be aware so that they can monitor their bank accounts to see if anything suspicious has taken place. Your customers and clients will likely have a lot of questions that they want to ask, so you should also have a dedicated email or telephone line established to field such queries.
Your company will need to establish how and when your security was breached. It is also essential to ascertain whether the breach was external or internal to your company.
Some companies offer computer evidence recovery services that can help you and the authorities discover any potential evidence. They can then provide that to you so that you can see if there are any apparent suspects.
Before you put your services back online, it is essential to conduct a thorough audit of all your procedures and safeguards and even get an expert to come in and check your systems and advise on how they can be improved.