"Hackers don’t target small business."
"I have insurance."
"I use anti-virus software."
"My IT guy handles that."
Small business owners set themselves up for unnecessary risks when they buy into these myths. The facts are that hackers do target small businesses, having the right insurance MAY help, and that software and IT staff can’t do enough to protect your business and your customers. And that all adds up to the conclusion that yes, small businesses do need cyber security.
Many small business owners believe the myth that small businesses aren’t the target of sophisticated cyber attacks. Here are some stats that might get you thinking otherwise. (source, source, source).
There are several aspects to cybersecurity threats. First, there are a few common methods of attack, including social engineering, phishing, malware, etc. Then, there are threats that target a lack of preparedness. In our experience, we see the following as the overall four greatest threats facing small businesses when it comes to cybersecurity:
We hear two things when it comes to insurance. First, many business owners mistakenly believe their general liability insurance covers damages from cyber attacks. It does not. Second, many believe that their cyber insurance may cover the damage. It MAY not. Insurance companies lost billions of dollars last year due to cyber attacks. Now, they are being very diligent with claims. They use two tactics to avoid paying: limiting payouts and declaring “Failure to comply”, meaning they claimed the business was negligent in not putting proper cybersecurity plans in place or not following through on existing plans.
Did you know you may be required to disclose an attack to your insurance? It depends on your state and level of compliance, but something as simple as not reporting an incident could mean no claim.
Finally, let’s say your business is properly insured, and then you get hacked. Think of the damage done due to loss of intellectual property, to your reputation, and the PR nightmare that may ensue. Insurance won’t cover that.
If you’re like most small business owners, you don’t have people dedicated to cyber security. You likely don’t have other resources assigned to protect your business. Don’t worry, that’s both common and easy to fix.
Start here, with our Basic Security Principles. It’s a white paper with three steps you can take to secure your business. That’s a great first step. From there, we can help you put together a cybersecurity plan to monitor, detect, and respond to any attacks.