I’ll start with a personal story about cyber security. Quite a few years ago (I won’t bore you with all the detail), my personal trainer’s email was hacked by a slightly savvy and jealous ex-client’s boyfriend, and personal emails between me and my trainer were distributed in a malicious manner to everyone in my trainer’s email network.
Needless to say, the backlash of this saga was incredible. My trainer escaped relatively unscathed, but the beating I took on it served as a lesson to me for the rest of my life. Don’t put anything into words via email or text that you wouldn’t say directly to someone’s face. Words on paper cannot be forgotten and it’s apparently incredibly easy to hack into someone’s “safe” network, download documents and use them as a weapon against said person or company.
When we went to the police with the breach, they scratched their heads, looked at us dumbfounded and essentially told us there was nothing we could do. It wouldn’t have mattered if there was. Reputations were already smashed, relationships and friendships were ruined and that sense of security and invincibility became an abstract thing of the past.
So this may sound like an exaggerated personal problem, but it happened and it was a traumatic event. Now imagine it’s your company and all your secure files. It’s your employees’ social security numbers, your business-banking routing numbers, your personnel files.
TxMQ attended an event this morning titled “The Virtual Reality of White Collar Crime” where the discussion was about cyber attacks. The numbers are staggering.
There are an estimated 1 million cyber attacks per day. That breaks down to 50,000 attacks per hour, 840 attacks per minute and about 15 attacks per second. And they’re coming from all areas of the world.
Trends of late have seen organized cyber crime move from aiming at large, hard targets such as banks and financial institutions to softer small- and mid-size businesses.
The reason is simple: it’s easier to hack into the SMB space. There are hackers who focus only on the hard targets. They beat their heads against the wall until they chip away a brick, they move that brick and get one name and contact info. Then they start all over again, beating their heads against the wall to remove just one more brick, then one more, then one more. A painstaking process…
Now think about the SMB environment, where it’s much easier to export data and multiple files. Chip one brick away and all of a sudden you have the names and personal info of a thousand people. These professional services providers hold deeds and financial records, personal information and trusts.
Fact: 60% of small- and mid-sized businesses that suffer from a cyber attack go out of business within 6 months due to the cost of recovering from the attack. The average cost to recover from a cyber attack is $5.5M. Be proactive.
Fact: Cyber breach represents the largest transfer of wealth in US history. Businesses lose $250 billion a year to cyber breach and lose another $140 billion in downtime from the attack. That’s almost $400 billion per year. Process that for a moment.
And the truth of the matter is, it’s not even a matter of if it happens, it’s when. Within the past year, my personal credit card number has been stolen and used overseas three separate times.
Here are 10 recommendations for how small- and mid-sized businesses can protect themselves against a potential attack:
- Employee Background Checks
- Signed Security and/or NDA
- Written Policy as Part of Employee Handbook
- Provide Meaningful Education & Training (make sure what you have works)
- Secure Your IT Infrastructure
- Establish Password Policy
- Protect CC and Bank Accounts
- Test Your Systems
- Conduct Exit Interviews
- Take Immediate Action
Unfortunately, laws are reactive in nature, not proactive. While cyber crime is still being scoped and defined by the justice system, it’s happening all around us every day.
Get your systems reviewed. How likely are you to get hacked? Call TxMQ or a security firm to be proactive in your approach to protecting your company data.
Can you survive a cyber attack? If you’re a small- or mid-size company, likely the answer is no. And if you do survive, what’s the extraneous cost to your reputation, customers and most of all you?