Cyber Crime Impact On SMBs
21%, or one in five, small to midsize businesses have reported a data breach in the last 24 months, up 17 percent from two years earlier, according to a survey from Bank of America Merchant Services. On the surface, that may not seem too bad… until you consider the consequences.
The survey found that 41 percent of small businesses that suffered a breach paid more than $50,000 to recover. Even worse, 30 percent of surveyed consumers said they would never return to a small business that suffered a breach, a 50 percent increase from two years earlier.
The impact of a data breach isn’t just lost or compromised data, lost revenue due to downtime, and the cost to implement tools and processes to prevent another breach. One could argue that the impact on a brand’s reputation and consumer confidence is even more costly.
Multiple research studies have concluded that 90 percent of data breaches are caused by human error. Gartner estimates the number could be as high as 95 percent for cloud breaches. The silver lining is that human error is fixable with increased awareness and training.
October Is Cybersecurity Awareness Month
Ancero is proud to be a 2020 Champion for Cybersecurity Awareness Month. This program is a collaborative effort among businesses, government agencies, higher education institutions, associations, nonprofits, and individuals to promote awareness of online safety and privacy.
There are four weekly focus areas for Cybersecurity Awareness Month:
- If You Connect It, Protect It. Once connected to the internet, devices are attacked within five minutes. Through increased awareness and training, every user can play an essential role in reducing risk.
- Securing Devices at Home and Work. With more people working from home than ever, the line between the personal IT environment and the work IT environment has been blurred. Users need to understand how this introduces new vulnerabilities and what steps they can take to protect their devices and data.
- Securing Internet-Connected Devices in Healthcare. With hospitals and healthcare practices increasingly relying on telemedicine, digital health records, internet-connected medical devices, and third-party apps, the attack surface has never been larger. Organizations and patients both need to take responsibility for protecting their data.
- The Future of Connected Devices. 5G promises faster connectivity but also creates new vulnerabilities. All users need to understand new risks and how to mitigate them.
What Cybersecurity Awareness Means
There are probably dozens of “awareness months” over the course of a year. However, cybersecurity can have a direct impact – positive and negative – on organizations of all sizes, and awareness is critical to maximizing the positive and minimizing the negative.
That said, what exactly do you need to be aware of?
- Risks. If you suffer a data breach, how much will each hour or day of downtime cost you? Do you have the systems in place to restore access to your network, data and applications? Do users understand the consequences of failing to follow policies for sharing and saving data while working remotely?
- Warning Signs. What does an email phishing scam look like? How do you differentiate a legitimate email from a phony email? If application performance seems slow, could this be a sign of a bad actor operating within your network?
- Responsibilities. Cybersecurity is no longer the sole responsibility of the IT manager. What are the responsibilities of each individual? What is the process for reporting a security incident? Has this process been communicated to all users?
Increased awareness should lead to action. The first step is the creation of cybersecurity awareness training for all employees. Rather than handing people a manual, training should be interactive, ongoing, and regularly updated to reflect the current threat landscape.
Not only does Ancero emphasize cybersecurity training and best practices with each of our clients, but our own team is required to complete security awareness training as part of our SOC II certification. Every outside vendor should be able to demonstrate their ability to comply with your organization’s security policies and procedures, especially if they have access to any of your data.
Cybersecurity awareness is not an inconvenience. Cybersecurity awareness is a way to empower each user with the knowledge and training to protect the sensitive data and assets of your organization and customers. We hope you’ll join Ancero in embracing and promoting Cybersecurity Awareness Month in October and throughout the year!
National Cybersecurity Alliance Resources
Cybersecurity Awareness Month: https://staysafeonline.org/cybersecurity-awareness-month/
COVID-19 Security Resource Library: https://staysafeonline.org/covid-19-security-resource-library/
Security Awareness Videos: https://staysafeonline.org/resource/security-awareness-episodes/
Cybersecurity & Infrastructure Security Agency
STOP. THINK. CONNECT.™ https://www.cisa.gov/stopthinkconnect
#BeCyberSmart Campaign https://www.dhs.gov/be-cyber-smart/campaign
CISA’s Cyber Essentials https://www.cisa.gov/cyber-essentials
Telework Guidance & Resources https://www.cisa.gov/telework