I’m not suggesting that Russian President Vladimir Putin will order someone to hack into your computers, but the current media feeding frenzy over hacking brings into focus the fact that cybersecurity is a real risk for small businesses, including boat dealerships.
So said the U.S. Securities and Exchange Commission in a recent warning about such problems small- and mid-sized business now face. Moreover, according to Mark Berven, president and COO of Nationwide Property & Casualty, a whopping 79 percent of small businesses have no cybersecurity plan.
Hackers know big companies are getting harder to get into because they can afford to retain cybersecurity experts. Not so for small businesses. A Harris Poll study conducted for Nationwide revealed that 63 percent of small-business owners admitted they had been victims of at least one of the following: computer virus (44 percent), phishing (30 percent), Trojan horse (22 percent), hacking (16 percent), data breach (11 percent), issues because of unpatched software (10 percent), unauthorized access to customer information (9 percent) and unauthorized access to company information (8 percent).
In what could be viewed as a “head in the sand” response, 40 percent of survey respondents didn’t think they will suffer such an attack. But a constantly shifting cyber landscape leaves small businesses increasingly confronted by shifting cyber threats. Ransomware is a good example. In this, the cybercriminal encrypts a firm’s files and demands a ransom payment to release them. The number of such attacks reportedly more than doubled last year and ransomware programs can now target more than 230 different types of computer files. Then there’s the cost.
According to the National Small Business Association, the cost of the average attack is up 140 percent from $8,699 in 2013 to $20,752 last year. It was even more costly for firms whose bank accounts were hacked, up nearly 187 percent. Moreover, the survey found that small businesses once victimized were more likely to be targeted again.
So, when you take the threat seriously, what can you do? Here are five actions to consider:
1) Know who has access to your data and/or network and reduce that number to an absolute minimum. Know what information is being shared as well as what, if any, hardware is leaving your business, such as laptops and USB sticks.
2) Employees must be educated. Discuss and test commonly used social media tactics, such as fraudulent computer offers and links. Take care if you use an online computing service because your information can be compromised by their systems. Set social network profiles to private and check security settings. Always be mindful of what information you post online.
3) Strengthen all passwords to eight to 10 characters that include letters, numbers and special characters and change them regularly. Evaluate the feasibility of encrypting your most sensitive data, making a backup and storing it in a fireproof safe or off site. Use a dedicated computer for all the most sensitive information. Secure your Wi-Fi networks to prevent hackers from accessing your servers. Install and regularly update spyware, anti-virus and anti-malware software. Activate your computer network firewall to block connections used to hack into your system and deliver viruses and set employee-permission levels for downloads.
4) There is a potential liability for a business in the event of a cyber security failure. There is now insurance coverage for losses in case of breach or fraud.
5) Your insurance agent might be helpful in assessing your cybersecurity risks and could help you create a plan that includes employee training, software updates and more.
Cybercrime represents a real threat to small businesses. More helpful ideas can be found at Nationwide’s cybersecurity website.