Cyber Security: Boring – Yep. Confusing – Yep. Costly – Yep, Yep.
What Cyber Security is not: someone else’s concern.
I am coming off a 6-week process of renewing the AWC cyber insurance. We take Cyber Security extremely important and work hard to protect our business operations and our member’s data. Are you taking this seriously? For small businesses adding one more expense like IT Security or Cyber Insurance falls to the backburner. When Jerri Sweeny was VP of AWC she was adamant that we find the money to contract with an IT firm and put processes in place. We contracted with our member Dave Bell (Cyber Solutions) to set up our network and security package. We worked with member Mary Cave (CSDZ) and procured a cyber risk insurance plan to protect us in the event of any breach. What I can tell you is that in less than 5 years the needs and requirements we must meet have increased exponentially – as has the cost.
The “It won’t happen to me, I’m just a small business” mentality works great… until it doesn’t. Small to mid-sized businesses are larger targets due to their less sophisticated security measures. According to a February 2022 statistic in TetherView, one study showed that 60% of small businesses shut their doors within 6 months of falling victim to a cyber attack because the financial impact is unmanageable.
According to Embroker, social engineering remains one of the most dangerous hacking techniques employed by cybercriminals, largely because it relies on human error rather than technical vulnerabilities. This makes these attacks more dangerous—it’s a lot easier to trick a human than it is to breach a security system. Phishing and email impersonation attacks account for as much as 85% of breaches according to a Verizon Data Breach Investigations Report.
Where do you start?
- Hire an IT consultant to work with your company. You may have to shell out some money initially to get set up and protected but the maintenance is completely reasonable.
- Get off Windows 7 operating system. This system is still being used by 13% of users. Windows 7 is no longer being updated with security measures. Move to Windows 10 YESTERDAY.
- Create a procedures manual around cyber security, implement it, and train your employees. Every single member of your team with an email needs to be able to recognize social engineering attacks, understand using unsecured networks (including home Wi-Fi), have a resource for reporting threats, and more.
- You MUST implement Multi Factor Authentication. In my cyber insurance renewal, we needed to attest that we use MFA for each one of our data points.
- Purchase cyber insurance coverage – this is so very important. Without it you may be one of the early statistics of businesses that shut their doors.
Please take your cyber security seriously – we have members that have gone through a data breach or ransomware attack. Each one will tell you what a nightmare it was for them. If you need resources, please reach out to me.
— B