It’s no secret that businesses are attacked by hackers every day, yet many small businesses continue to rely on outdated or low-grade cyber security protections. These protections may not actually protect businesses against even the smallest attack, and any cyber attack damage is tricky to recover from.
Unfortunately, there are quite a few ways a cyber attack can damage you. It could even spell the end of your business. Every business should be aware of the risks associated with lackluster cyber security and what they can do to prevent these consequences.
What’s worse than a data breach? Trying to cover it up. Companies like Yahoo! have learned that lesson the hard way. They faced multiple class-action lawsuits for not telling their users immediately when they discovered they were hacked. With dark web monitoring and forensics tools, it’s easy to trace the data breach back to the company and website, so you cannot hide it.
When a data breach happens, do you think your clients or customers will rally around you? Have sympathy? News like this travels fast on social media. They will demand answers.
If you’ve been responsible, you have nothing to worry about. If you have not, you will have to tell your clients, “Sorry, we got hacked because we didn’t think it would happen to us.”
Is that going to be enough to satisfy them and help your business come out successfully on the other side?
Breach notification statutes remain one of the most active areas of the law. Senators have lobbied for “massive and mandatory” fines and more aggressive legislation pertaining to data breaches and data privacy. The courts are not in your favor if you expose client data to cyber criminals.
This does not only apply to big corporations. Any small business that collects customer information also has an important obligation to tell its customers if it experiences a breach. In fact, 47 states and the District of Columbia each have their own data breach laws, and they are getting tougher by the minute.
If you’re in health care or financial services, you have additional notification requirements under the Health Insurance Portability and Accountability Act (HIPAA), the Securities and Exchange Commission (SEC), and the Financial Industry Regulatory Authority (FINRA).
Among other things, HIPAA stipulates that, if a health care business experiences a breach involving more than 500 customers, it must notify a prominent media outlet about the incident. The SEC and FINRA also require financial services businesses to contact them about breaches, as well as any state regulating bodies.
With all the new laws being passed, there is a very good chance your business is not compliant. If you have not already, it’s essential to speak to your IT provider about this.
One security breach, one ransomware attack, or one rogue employee can create hours of extra work for staff who are already maxed out. Then there’s business interruption, downtime, and backlogged work delivery for your current clients.
Here are just a few other costs you can expect: loss of sales; forensics costs to determine what kind of cyber attack damage occurred, what part of the network is/was affected, and what data was compromised; and emergency IT restoration costs for getting you back up, if that’s even possible.
In some cases, you’ll be forced to pay the ransom, and maybe they’ll give you your data back. The chances are not high.
There are also legal fees and the cost of legal counsel to help you respond to your clients and the media. Cash flow will be significantly disrupted. Some states require companies to provide one year of credit-monitoring services to consumers affected by a data breach, and more are following suit.
According to the Cost of Data Breach Study conducted by Ponemon Institute, the average cost of a data breach is $225 per record compromised, after factoring in IT recovery costs, lost revenue, downtime, fines, legal fees, etc. How many client records do you have? Employees? Multiply that by $225 and you’ll start to get a sense of the costs to your organization.
If someone accesses your bank account and steals funds, the bank is not responsible for replacing those funds. Take the true story of Verne Harnish, CEO of Gazelles, Inc.—a very successful and well-known consulting firm—and author of the best-selling book Mastering the Rockefeller Habits.
Harnish had $400,000 taken from his bank account when hackers were able to access his PC and intercept emails between him and his assistant. The hackers sent an email to his assistant asking her to wire funds to three different locations.
It didn’t seem strange to the assistant because Harnish was then involved with funding several real estate and investment ventures. The assistant responded in the affirmative, and the hackers, posing as Harnish, assured her that it was to be done. The hackers also deleted his daily bank alerts, which he didn’t notice because he was busy running the company, traveling, and meeting with clients. That money was never recovered, and the bank is not responsible.
Everyone wants to believe that their employees or company could never be the victim of a similar attack, but no one is immune to making a mistake or a poor judgment call. It’s better to be protected just in case.
Some hackers don’t lock your data for ransom or steal money. Often they use your server, website, or profile to spread viruses and/or compromise other PCs.
If they hack your website, they can use it to relay spam, run malware, build SEO pages, or promote their religious or political ideals. This is why you also need advanced endpoint security, spam filtering, web gateway security, SIEM, and other important security features.
Luckily, there’s a way you can avoid potential cyber attack damage. By teaming up with a reputable IT services provider that’s an expert in cyber security, you can keep your business safe from attacks.
Techinc has been providing security services to businesses in and around the Denver area for over 15 years, and we’re no strangers to hackers, malware, and the like. We can take a look at your cyber security setup and put measures in place to protect you and your clients’ data.