Incidents involving cybersecurity are hard to accurately track by their nature – hackers and digital fraud organizations don’t tend to be very transparent regarding their business activities. Legitimate enterprises and governments, however, routinely release such information, and therefore have made it clear that cybersecurity initiatives are among the top funding priorities for companies in every industry.
Small-business owners and entrepreneurs may underestimate their risk of falling prey to these digital threats. As with any external risk, a lack of active security measures addressing online theft or fraud is equivalent to painting a bullseye for criminals.
Fortunately, simply taking account of the basic steps to securing your business from cybercrime is often inexpensive and effective.
What’s the risk?
Cybercrime has become among the biggest sources of financial risk to just about anyone engaged in the modern global economy. According to a study from the Ponemon Institute and cited by Hewlett-Packard, the price tag of a digital attack for the average business was approximately $9.5 million in 2016. This has increased by double-digit percentages for the last several years.
With numbers like that, it’s no surprise that the typical small business stands to lose more from a hacked bank account or fraudulent transaction. A study by the National Institute of Standards and Technology found that 60 percent of small businesses suffering a cyber attack closed down within six months as a result.
“For some small businesses, the security of their information, systems, and networks might not be their highest priority,” the NIST study explained. “However, an information security or cybersecurity incident can be detrimental to their business, customers, employees, business partners, and potentially their community.”
Starting with basics
As the NIST and other researchers have found, one of the biggest predictors of a digital security breach within an organization has nothing to do with computers, phones or locked doors. Rather, businesses and individuals create a tempting mark for criminals by simply being unaware that they even are a target. A 2014 survey from the National Small Business Administration estimated nearly 1 in 4 small-business owners had “little to no understanding of the issue whatsoever.” At the same time, the NSBA found nearly half of respondents had ever been a victim of a cybercrime.
In the three years since, business owners are likely much more aware of the risk, but basic protections remain incredibly important. Small businesses or even freelancers can experience significant loss, should their data or systems fall into the wrong hands. But they may be in a difficult position to take the necessary steps due to budget constraints or other impediments.
To remedy this, several agencies have made a concerted effort to spread awareness of cybercrime and its prevention. Most of the advice involves making digital security a pillar of business planning, training and operation to combat fraud.
Some of the biggest steps toward preventing cybercrime are also among the easiest. As explained in a guide from the Federal Deposit and Insurance Corporation, small-business owners should ensure all of their computers are protected with a strong password and up-to-date antivirus software. In addition, they should certify their wireless internet connection is password-protected. Business owners may want to consider contacting a cybersecurity professional for a full audit of specific data security issues.
Not every incidence of cybercrime is perpetrated by a mysterious figure. Quite often, according to the NIST, online theft or fraud is carried out by a current or former employee who was given access to sensitive data of some kind. The employee in question could be either disgruntled and intentionally malicious, or they could have made a careless mistake. In any case, business owners can mitigate these risks by training all employees on the basics of cybersecurity, like how to verify someone’s identity before disclosing sensitive information. Employers should also have procedures in place to limit access to data, particularly in case of employee termination.
Some of the above steps can be carried out by most any professional, but often require a much more significant investment when scaled to an entire organization. The NIST recommended small-business operators take time to conduct research on how to buy the most secure digital equipment available, and how to keep it secure once it’s operating. Seeking out the services of a cybersecurity expert might prove worth the cost, but only if he or she can work within the parameters of the business’s needs and budget to solve problems.
Cybersecurity is a quickly evolving field of study, so it is important for businesses of any size to keep up with all the latest developments. Maryville University’s Cybersecurity Master’s degree uniquely positions students to practice in real-world settings, thanks to the Virtual Lab – a virtual training ground for cybersecurity risk management accessible from any internet-connected device. Through this coursework, graduates will have hands-on experience and the insight from faculty experienced in the cybersecurity field.