Today’s cybersecurity threats are real, and you don’t have to look far to see the big headlines. What you rarely hear about are the small companies that are compromised. This creates a false sense of security for all of us. It’s out of sight and out of mind. Unfortunately, small companies are faced with managing cybersecurity risks like the big guys. Everyone is a target. Attacks range from very simple approaches to ones that are highly-sophisticated, well-coordinated, and well-timed. All in an effort to steal information, disrupt your business, or separate you from your hard-earned dollars. Here are some of the sobering statistics:*
- 58% of cyber-attacks target small businesses with less than 250 employees
- 60% of those small businesses targeted are out of business in six months
- Small business cyber breaches increased 424% last year
So what can you do to manage cybersecurity risks?
- Validate the threats and risks to your company – get your head in the game.
- Realize there’s no easy fix – this requires a multilevel approach and everyone to pitch in (see guide).
- Don’t wait for tomorrow. Get started on developing your plans today.
Once you’ve decided to act and you have a plan, the biggest challenge you’ll likely face is end-user adoption and compliance — getting your employees to do what you ask. Generally speaking, employees perceive anything that can potentially slow them down in one of two ways. The change to workflow or process becomes an excuse for why the job cannot be done the same way. Or, they’ll find it as a reason to circumvent the process and technology you’ve worked hard to put in place. Neither is a good reason for allowing your company to be exposed, so be prepared for some pushback. A good way to tackle this is to explain why the changes are important for your organization and how you need their help. It also helps to include an acceptable use of technology policy, with employee signoff, in their HR folder as a great way to document your expectations of them. Then there’s training. We suggest the wash, rinse and repeat method.
Developing a cybersecurity strategy
Developing a great cybersecurity strategy for managing risks doesn’t need to break the bank, but it is going to take some time and effort to implement and adopt. A great way to get started quickly is to realize there is a lot of help out there and you don’t need to recreate the wheel. Ask other business leaders or partners of yours who you know and trust to share their plans with you. There are lots of cybersecurity-focused firms out there to get you in good shape too, and the cost is generally a small fraction compared to the cost of a breach or ransomware event.
There is an old proverb that says, “the best time to plant a tree was twenty years ago, the second-best time is today.”
Additionally, General Patton is quoted as saying, “a violently executed plan today is better than a well thought out plan two weeks from now”. The moral of these two quotes? Don’t put this off. Today is the day to start planting your trees.