In his book “The Road Less Stupid,” Keith Cunningham wisely advises that to succeed in business, one should do fewer dumb things rather than trying to do more smart things. This advice is particularly applicable to cybersecurity. But unfortunately, even smart people tend to make dumb decisions when it comes to protecting their assets, either because of ignorance or reluctance to spend money and time on protection.
One of the biggest mistakes is thinking you won’t get hacked because you’re too small or because you “don’t have anything the hackers would want.” First, let me point out that you’re not too small to get hacked, but you are too small to make headline news. Millions of small businesses get hacked every year – they don’t talk about it because of the potential liability, bad PR, and loss of client and marketplace trust. They’re embarrassed.
Further, you’re right – hackers don’t necessarily WANT your stuff unless you have medical records, credit cards, social security numbers, etc. Those are valuable digital assets that can be sold on the dark web marketplace – and cyber criminals are in it for the money. But more to the point, YOU want your stuff, so they’ll kidnap your information and hold it for a ransom to extort money from you.
So it goes with ransomware. When all your work files and e-mails go away, very few businesses can pick up from ground zero and keep operating without any losses. Perhaps the solo operator working from home, but certainly not a small business that has been operating for several years with multiple clients and employees producing work for clients.
Some businesses avoid investing in and prioritizing cybersecurity by assuming they can rely on insurance policies and data backups to recover from a cyberattack. However, insurance companies are businesses aiming to make profits and may not always pay out policy claims. Moreover, cyber insurance carriers require organizations to demonstrate that they have taken specific security measures, such as multifactor authentication, password management, endpoint protection, and data backup solutions. Some carriers may also require phishing and cybersecurity awareness training or a written information security program.
Hackers are aware that people may opt to restore their files from backups rather than pay a ransom. So, the hacker’s additional threat is that if you don’t pay, they’ll release your files online for all to see, including payroll information, ALL e-mail communications, client contracts, and more. Do you really want that in the hands of competitors and the general public? Insurance won’t cover that.
While implementing cybersecurity measures cannot guarantee absolute protection, it can significantly reduce the damage caused by a cyberattack and deter hackers from targeting your business. Wearing a seat belt and practicing good driving behaviors cannot prevent all car accidents, but they can still minimize the risks and increase your chances of survival, and cybersecurity measures work the same way. Therefore, it’s essential to prioritize cybersecurity in your business operations to avoid becoming low-hanging fruit for cybercriminals.