Cybercriminals set their sights on small businesses for a reason
By Earl Gregorich
Eye-rolls, shoulder shrugs and suddenly forgotten appointments are typical reactions from small business owners when the term cybersecurity comes up during a consultation. Anything to get out of the geek-speak they fear is about to follow. It doesn’t need to be that way, and the topic is much too important to be ignored. So, let’s not talk about techy stuff or even cybersecurity. Instead, let’s discuss the value you have built in your business and what would happen if it all evaporated with one keystroke.
Entrepreneurs work hard. We put in long hours, invest our life savings, skip family time and vacations. We do all this so we can build businesses we hope will provide income for ourselves and our employees. Not only that, we hope at some point we will be able to exit our businesses and cash in on all the value we have built over time. If you understand this concept of working to build value, then you should also understand the need to protect that value.
So, what are we talking about when we say value? Obvious things come to mind, like computers, vehicles, tools, buildings, inventory and other assets. Then there are the intangibles that we often overlook–things like brand recognition, reputation, intellectual property and a customer list. These intangibles include one more thing you should add to your list of valuables: data!
Cybersecurity and the data you store
The people and businesses you work with, sell to and buy from generate valuable data. What you sell, how you sell it and what your clients have to say about it are all valuable collections of data. The customer information, payment details and credit histories of each client are extremely valuable. Larger companies and government agencies that you interact with and have access to represent valuable network connections both in relationship and technology. Are you protecting the access to all this data? If not, you not only risk losing significant value in your business, but you could also be sued if you are hacked and your lack of protection is classified as negligence.
Now that we know the value and the risk, how do we protect this data? Well, your first line of defense is a combination of knowledge and preparation. You see, we humans are the weakest link when it comes to
data protection. We need to constantly be on the lookout for the next threat, like phishing, social engineering and ransomware. If we don’t know what these are, we need to do some research and then make plans to protect our data. Then we need to communicate these plans up and down our pipelines.
Options for protecting your data
Low-cost options are available to safeguard our valuable data. Backups are key to minimizing the impact of nearly every type of cyber-attack. Backing up your data is relatively inexpensive and can be put on auto-pilot. Keeping your software up to date, using anti-virus programs and virtual private networks (VPNs) are also inexpensive defenses. If you really want to be pro-active, you could use a self-assessment tool that will highlight areas you need to work on and get suggestions for how to improve. The SC SBDC offices offer this service at no charge. (Call me!)
I should also mention that you can get insurance to protect your business from cyber-related incidents. First Party Cyber Liability Coverage can help protect against everyday risks within your business. A policy normally includes coverage for recouping lost data, meeting regulatory reporting requirements, and identity theft. If you work with other people’s data, you can get Third Party Cyber Risk Coverage. This helps in the event it is determined that your software or hardware (or employees) were part of the cause of someone else’s data being hacked. Check with your insurance provider or SBDC consultant on how to find these coverages.
Unfortunately, there isn’t a 100% foolproof method to totally prevent a cyber-attack, and hackers like to pick on small business because we normally avoid or cannot afford high security. As small businesses, we just have to make ourselves a very difficult target to hit. So, the next time we talk and I bring up cybersecurity, take good notes and take an interest in protecting the value in the business you have worked so hard to build. You will be glad you did (and I will be shocked)!