SaaSMAX Corp. CEO Dina Moskowitz featured in Forbes Online, Aug. 11, 2016, with SaaS security vendors NINJIO, LLC, CompTIA, Leidos and Phalanx.
Photo Courtesy of Aaron Boyd
- The average total cost of a data breach among businesses is $3.79 million.
- The total cost to the world economy for computer and network cybercrime is $445 billion.
Whether you’re just starting your company or you’ve established yourself in an industry, a cybersecurity mistake can wipe out all your progress and growth.
“Businesses do not realize the level of sophistication that hackers bring to the table,” said Matt Johnson, chief executive officer at Phalanx Secure Solutions. “When you are attempting to secure your business, you have to be right 100 percent of the time. The hacker only has to be right once. Companies who get hacked often wind up going out of business, being unable to shoulder the burden of cleaning up.”
And threats and breaches are becoming epidemic.
The average total cost of a data breach among businesses is $3.79 million. Company losses from cyber attacks include remediation costs, lost productivity, legal fees, lost data and lower stock prices, according to the Associated Press.
After Pokémon Go’s release this past July, hackers created malware-laden versions of the app to access connected mobile devices and accounts. Think of how many businesses were put at risk from the millions of compromised smart phones. The Internal Revenue Service’s breach last year led to stolen information from 330,000 taxpayers for $50 million. A WordPress plug-in allowed an estimated 50,000 websites to be hacked in 2014, permitting hackers to upload PHP files on the server, control the site and infect all connected sites hosted under the same name. After a hack to an employee’s iPhone, Catholic Health Care Services of the Archdiocese of Philadelphia will pay $650,000 to settle HIPAA violations. The unlimited access on Target’s network in 2013 resulted in 40 million customer credit cards accessed, a 50% drop in profits, $100 million spent on new registers and technology and litigation from major credit card companies. Target spent over $252 million to manage the breach.
The media broadly publicizes when customers’ personal and financial information is released from larger enterprises like J.P. Morgan Chase, Home Depot and Sony Entertainment. But the threats and attacks are trickling down to small businesses, even start-ups, faster than you think. “The implementation of cloud computing and the adoption of mobile devices has outpaced cybersecurity literacy – leaving many businesses blissfully unaware of how vulnerable they’ve become,” said Seth Robinson, senior director of technology analysis at CompTIA. “Businesses of all sizes are at risk and must take a new, modern security approach to proactively prevent and detect attacks and breaches.”
Stop reacting, and start preventing.
Most people wait until they’ve experienced a cyber threat or hack to take action, “but that’s not the time to start searching the global web for a solution, especially when many search engine results are fraught with malware,” cautions Anne Saunders, a cybersecurity expert and Director of Partnerships for Leidos, Inc. By thinking everything through in advance, you and your business will be able to take corrective and compliance-related actions quickly if a breach is identified. Because of this, “taking preventative measures by implementing cybersecurity technologies is now a best practice for business continuity,” Saunders says.
If you don’t know where to start, Symantec recommends conducting a security audit to secure your entire IT infrastructure and prevent hackers from accessing your network.
Also do things like encrypting your data, securing your hardware, locking your network and hiring an IT security professional.
Companies should also maintain an inventory of their hardware and software and make someone accountable for patch management. They should run scans and tests consistently, invest in intrusion detection and prevention applications, and establish a security and risk assessment plan, as suggested by Tech4BusinessNow.
Just one click of a link could result in catching a virus that shuts your business down temporarily or permanently. Getting everyone on the same page is key: “An often overlooked and underestimated defensive tactic is simply raising the awareness and improving the knowledge of security issues throughout the overall workforce,” Robinson said. “Employees remain one of the weakest links in cybersecurity prevention. Educating and enabling associates about IT security risks and best practices must become a priority for businesses and the IT service providers who support them.”
Even start-ups and small-scale entrepreneurs need to keep their immediate workforce and themselves apprised of potential threats. Affordable executive training courses are available live and online through CompTIA Cybersecure and SANS Cyber Aces Online Courses for free, while Ninjio sells 3-4 minute long animated and gamified episodes on security awareness training by Hollywood writers at a small monthly fee per executive. Learning Tree offers a full curriculum of Cyber Security courses that range from $500 to $3000 depending on days enrolled.
Know the early signs of a problem — and deal with it ASAP.
Threat identification, real-time analytics and behavioral analysis are increasingly important. Most cyber attacks come from email, the web or an endpoint (any device connected to a network, like a smartphone), so pay attention to irregular device and connectivity performance (slow computer response, pop-up windows, spam emails sent by your account, etc.). Use multiple layers of security across devices so that your data is harder to get to and the hacker runs into roadblocks that you can identify.
Also, have an incident response plan ready to go as soon as you notice the irregularities. After a hack, businesses must address and minimize financial and informational losses, notify customers, create new strategies for prevention and work to rebuild their reputation.
Don’t forget the small, low-tech stuff.
In a world where even your laptop’s webcam can be accessed online by a hacker, awareness is key. Things as easy as creating more complex, unpredictable passwords; physically covering your webcam when you’re not using it; and not giving security information by phone can help.
Find a trusted IT security professional.
When it comes to finding the right security solutions, software products are not one-size-fits-all, especially when comparing company size and focus. More companies and IT consultants are looking for consolidated or comprehensive options, incorporating multiple security software applications to form the right strategy for prevention, threat detection and recovery.
To end with a cliché, it’s better to be safe than sorry. While it might be out of your comfort zone and “to-do” list of priorities, it doesn’t need to cost a lot or take too much time to incorporate technology, processes and education that will secure your business, your employees and your customers. These days, it’s just as important as, or perhaps more important than, managing your books, your payroll and customer satisfaction.