Almost weekly you see an announcement about yet another major corporation that has experienced a data breach. Do you find it scary? It seems so to businesses and their customers alike. And it gives people pause about doing business with the impacted company in particular. But it also makes them reluctant to work with other businesses affected by cybercrime attacks. Small businesses become particularly vulnerable. They lack the technology infrastructure of larger enterprises. So, check out what small businesses should do to protect themselves and their customers?
How to Handle Cybersecurity
I recently talked with Chris Wayne. Wayne serves as Chief Technology Officer at Yahoo Small Business. He shared essential advice for small businesses in managing cybersecurity.
Rieva Lesonsky: What are the biggest cybersecurity threats small businesses typically face?
Chris Wayne: Ransomware and phishing attacks are certainly two of the most dire threats facing small businesses every day. A staggering 71% of ransomware attacks targeted small businesses last year. With an average cost of $200,000, many small businesses simply don’t have the resources to withstand a cybersecurity attack once it’s already happened.
Lesonsky: Are certain businesses/industries more vulnerable than others?
Chris Wayne: I believe every business needs to keep cybersecurity top-of-mind in order to prevent an attack. That said, there are certain industries that are targeted more than others. Healthcare is appealing to cybercriminals due to the highly sensitive information some seek out. Another industry is hospitality/hotels. The sheer number of people in their databases present an attractive target for cybercrime. And, unfortunately many breaches aren’t discovered until after the fact—96% of all accommodation breaches aren’t discovered for several months according to a 2018 Verizon Data Breach Investigations report
Sometimes Employees are the Real Problem
Lesonsky: Employees often are the culprits, correct? Unwittingly, they make businesses more vulnerable. How can business owners better educate their staffs?
Chris Wayne: It’s an unfortunate reality, but yes, employees often play a role in a cyber breach or attack. Many times it is unwittingly, and these mistakes can be mitigated through proactive efforts like mandatory cybersecurity training with regularity. The landscape changes so quickly that it’s important to have semi-regular training sessions—quarterly ideally—to bring the team up-to-speed on the latest risks.
Lesonsky: Given that small businesses lack the staff and the budget bigger businesses have, how can they protect their companies? Are there technologies that are particularly useful?
Chris Wayne: As the saying goes, the best defense is a good offense. Prevention is key. Taking measures such as auditing software, implementing staff-wide security trainings, and having a clearly defined crisis plan are critical to prevent an attack or mitigate the fallout once it happens.
Lesonsky: Do you recommend small businesses outsource their cyber protection? If so, what should you look for in a vendor—how do you best vet them?
Chris Wayne: I believe a healthy balance of outsourced protection coupled with in-house knowledge and best practices is a winning combination. Nobody knows your business better than you do and implementing some of these best practices can …read more
Read more here:: SmallBusinessTrends