Last year saw several high-profile hacks, most notably the Equifax data breach that left more than 145 million Americans vulnerable to identity theft. Hackers stole sensitive information such as Social Security numbers, addresses and consumer names. Their goal was to impersonate individuals by opening bank accounts, applying for new credit cards or even attempting to get driver’s licenses.
The breach — one of the largest in U.S. history — left many questioning their current cybersecurity measures and seeking solutions. This included New York’s small-business community, which accounts for 99 percent of all businesses in the state. In response to this historical breach, New York Attorney General Eric Schneiderman called for the state and all New York businesses to adopt more stringent cybersecurity measures.
However, a 2017 Manta poll showed 87 percent of small-business owners nationwide do not feel they are at risk of a cyberattack. Don’t make this same mistake. The majority of cyberattack victims are businesses with fewer than 1,000 employees, so make sure you have the necessary tools in place heading into 2018.
THE COST OF IGNORING A DATA BREACH
According to the Poneman Institute, the average cost of cleaning up a small business after it has been hacked stands at $690,000. Given this high price, it is not surprising that six in 10 small businesses fail within six months of experiencing a cyberattack.
Nearly half of cyberattacks are maliciously intended, with hackers aiming to use a business owner’s information to compromise their credit. This leaves personal information, pre-existing accounts and their business at high risk. For example, small-business owners may no longer be able to pay their business loans or access new financing after their credit score has been compromised.
Often, small-business owners are at a greater risk of an attack because they do not have the necessary cyber protections in place. One way to protect against a cyberattack is to enhance security measures through malware detection or pop-blocker software and installing a firewall, anti-spy, anti-virus and spam filter on your small-business’ computer system.
Consider the recent Equifax breach. In its wake, the company offered consumers a free data freeze on their account; but the trick is to protect yourself and your business before a breach occurs to avoid putting your business and customers at risk of getting their sensitive information stolen.
WHAT CAN YOU DO TO PROTECT YOU AND YOUR SMALL BUSINESS?
With small businesses at a great risk of falling victim to a cyberattack, business owners can follow these best practices to better protect their businesses.
• Most importantly: Protect your personal information at all costs. Never respond to personal information request via call, text or email. It is imperative that account owners keep account information safe from potential phishing scams by not opening or downloading attachments from unknown sources.
• Do not share confidential business information online and be sure to protect personal information by securing it with a strong password or keeping it out of public view. Protect your digital footprint by increasing account password strength using two-step authentication, encrypting sensitive documents, and hiding and requiring a WPA2 password for your wireless network. Fortify your paper trail by making sure you have shredders available in convenient locations at your business.
• Business owners should change their account passwords once word breaks of any data hack — even if your business is not directly impacted. By having multiple, strong and unique passwords for yourself and your business accounts, you lessen the risk of hackers stealing your personal information. It is also advisable to keep your electronic devices up to date with the latest security patches. It is equally important for small-business owners to install a firewall and anti-spy software for computer security and to keep them up to date.
• Monitor all accounts regularly to detect fraudulent activity. If a check is not processed on time, contact the payee and consider placing a stop payment. If you bank online, sign up for automated alerts that will flag any change in credit status. KeyBank, for example, offers online banking account alerts that allow you to track transactions that may exceed a specified amount or know when your account drops below a certain amount.
• Consider creating an informed cybersecurity incident response plan. It behooves small-business owners to stay vigilant on data breaches or cyberattacks and take the time to consider any potential implications for their business. Develop an incident response plan so you can respond quickly and effectively to any breaches of cybersecurity that might affect your business and its employees.
• Consider purchasing insurance. Standard commercial insurance policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur. Take time to analyze your cyber exposure and proactively decide to assume or transfer the risk with an insurance product.
Anyone and any business can fall victim to a data breach. Educate yourself and your employers on best practices to protect your small business in 2018.
Check out our online Protect Your Business Checklist at key.com/about/security/protect-your-business.jsp for more on protecting personal information.
Joseph F. Markey is president of KeyBank’s Hudson Valley/Metro New York Market with offices in midtown Manhattan and Tarrytown. He can be reached at 914-333-5746 or at firstname.lastname@example.org.