John Ambrose Fleming was set to unveil a wireless technology to the public that was sure to change the way they communicated. After investing his time and effort into planning the demonstration, the day finally came to show the eager crowd. He was just about to send the first transmission, but instead… the device started sending a message on its own.
John had been hacked: “There was a young fellow of Italy, who diddled the public quite prettily.” Lines from a Shakespeare poem mocked him in front of the audience via Morse code.
When Guglielmo Marconi invented wireless technology, he had advertised it as “completely secure.” Turns out it was a false sense of security. By the way, did I mention this happened in 1903?
It has been 113 years, but many of today’s small businesses are recreating this story with a modern twist. We can all be guilty, at times, of this “bulletproof” mentality. We read about cyberattacks on large scales like Target, Sony, Office of Personnel Management and Home Depot nearly every week. The usual reactions boil down to these three takeaways:
- These cyberattacks seem to be happening more frequently
- The attackers only seem interested in large organizations
- I hope my information was not involved in that attack
Imagine if small business security incidents were given the same attention as corporations. If so, new television networks dedicated to reporting these incidents might need to be created. The number of small businesses at risk has dramatically increased over the past five years. In 2012, the National Cyber Security Alliance reported that 20 percent of small businesses would be the victim of an attack. Just two years later, that number rose to 50 percent. What’s even more troubling is that more than half of those companies were not able to recover from the attack and were forced out of business.
What can you do to avoid becoming another statistic?
Being serious about protecting your assets starts with educating yourself. You need to know that, if given a choice between the Bellagio and your construction company run by you and 18 guys in the field, cyber criminals will choose you every time. The reality is that this is not Ocean’s 11, and they’re going for the easy money.
Be willing to invest the necessary funds to adequately secure your company’s data. How much should you spend? According to a 2015 Spiceworks survey, the average cost of IT spending ranged from $62,000 per year for businesses with 19 employees, to $230,000 for companies employing 250. Where do you fall in relation to the industry averages?
Spending $100,000 is going to be better than a security breech that ends your company. If you’re not sure, talk with your IT strategist to understand what the right level of security is for your firm.
Is your website managed by a third party? Better make sure that you have access to that code! There are plenty of horror stories about providers going out of business and access to the business’s website code disappearing with them.
Regardless of who runs your website, you need to make sure there aren’t gaping holes within the code itself. Unchecked code is like a house with glass walls and no locks. You are showing everything you have to anyone that wants to look, and doing nothing to prevent them from taking it. Again, your team should be proactive in addressing this vulnerability. There’s best practices in place to do just that.
The best way to plot out your course of action is to have a security audit performed. An audit can help you:
- visualize what’s at risk
- attach a value to that risk
- help you to determine a solution that’s right for your situation
Solutions could range from outsourcing remote monitoring of key system functions to bringing a full-time employee on board to manage the risk.
Are your employees aware of the online and real world threats that could cripple your business? Maybe most of them know not to send sensitive data to emails claiming your company is the recipient of King Bob III’s inheritance. What happens, though, when a nicely dressed individual walks up to your receptionist and says,
Hi. I am here for an interview with Mr. Smith, but I just spilled coffee on my resume! Could you please print me off a copy from this flash drive?
The problem is, the USB drive was configured to run an invisible program establishing a backdoor connection for the “interviewee.” They can use this connection to siphon out valuable data from the comfort of their mom’s basement. Think it’s far-fetched? Think again. Make cybersecurity education a regular part of your internal communications and training program.
So you read endless articles about the latest trends in cyberattacks, and you spent a few thousand on a security audit. You even asked your friend Bill’s teenage son what he thought of your website. He said it looked good. Now you have all this wonderful information about threats, risks and associated costs. Job well done, right?
Almost! If you don’t see this effort through to the end, you will be left with a pile of expensive information and paperwork. The final step is actually implementing the appropriate IT strategy to protect everything you spent weeks learning about. This can be costly if it means hiring people. That’s why most organizations lean on a cyber team to implement the plan. It’s a lower cost and reduces your risk.
Security threats have been around for over a 100 years—it is a pretty safe bet they will be around for another 100 years as well. The key to surviving in a hostile environment will come down to choosing if you want to be reactive or proactive. When you are ready to make the move, you will want to consult with more than your friend’s kid. Reach out to an IT strategy partner that has the experience and field expertise to keep your business out of harm’s way.
There are plenty of sources for cybersecurity trends and advice, and it can be overwhelming trying to stay current. We want to share the news and advice that we believe is relevant to you. Feel free to subscribe to this blog and connect with us on social media to stay up to date.