As part of raising awareness during National Cybersecurity Awareness Month (NCSAM), each week in October we will feature a topic centered around the theme “our shared responsibility.” This week will focus on cybersecurity workforce education, training and awareness while emphasizing risk management, resistance and resilience.
CYBER ATTACKS COST SMALL AND MEDIUM-SIZED BUSINESSES AN AVERAGE OF $2,235,000.
When you are on the job – whether it’s at a corporate office, local restaurant, healthcare provider, academic institution or government agency – your organization’s online safety and security are a responsibility we all share. And as the lines between our work and daily lives become increasingly blurred, it is more important than ever to be certain that smart cybersecurity carries over between the two.
Statistics: Small Businesses are Increasingly Targeted by Hackers
- Small and medium-sized businesses (SMBs) are gaining the attention of hackers. A 2018 Verizon Data Breach Report showed that 58% of cybercrime victims identified as small businesses. [1.]
- In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000, and the percentage of small businesses that have experienced a cyber attack in the past 12 months is up from 55% in 2016 to 61% in 2017. [2.]
- The Better Business Bureau found that more than half of small businesses would be unprofitable within a month if they were to lose permanent access to their essential data. [3.]
- Approximately nine out of ten small businesses report that they have some cybersecurity measures in place, with the most common ones being 1) antivirus protection, 2) firewall protection and 3) employee education. [4.]
#CyberAware Tips for Employers and Their IT Teams
Identify your digital “crown jewels:” Crown jewels are the data without which your business would have difficulty operating and/or the information that could be a high-value target for cybercriminals.
Protect your assets: Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.
Be able to detect incidents: We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the more quickly you know about an incident, the more quickly you can mitigate the impact and get back to normal operations.
Have a plan for responding: Having a recovery plan created before an attack occurs is critical. Make and practice an incident response plan to contain an attack or incident and maintain business operations in the short term.
Quickly recover normal operations: The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. Like the response step, recovery requires planning. Recovery is not just about fixing the causes and preventing the recurrence of a single incident. It’s about building out your cybersecurity posture across the whole organization (not just the IT person or group), including increasing the focus on planning for potential future events.
- SMB Cybersecurity Awareness Toolkit
- CyberSecure My Business: https://staysafeonline.org/cybersecure-business/
- Federal Trade Commission’s Business Center for Privacy and Security: https://www.ftc.gov/tips-advice/business-center/privacy-and-security
- NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- Better Business Bureau Cybersecurity: https://www.bbb.org/council/for-businesses/cybersecurity/
[2.] Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses https://blog.barkly.com/small-business-cybersecuritystatistics-2018
[3.] 2017 State of Cybersecurity Among Small Businesses in North America