FedEx. Boeing. Target. When you read about cyberattacks, these are the kinds of companies that make headlines — multinational companies with billion-dollar revenues and thousands of employees. Problem is, this news coverage makes small and midsize businesses think they’re safe from cyberattacks, when the opposite is true.
Vistage recently teamed up with Cisco and the National Center for the Middle Market to determine whether small and midsize companies are prepared for a cyberattack. What their analysis uncovered wasn’t reassuring: The majority (62 percent) of small and midsize businesses don’t have a sufficient cybersecurity plan, and a quarter (24 percent) have experienced a cybersecurity attack in the last 12 months. On average, each cyberattack costs a small business $188,242, according to Symantec.
If you’re the CEO of a small or midsize business, here are four myths about cyberattacks you should be aware of, and actions you should take to protect your company from the hackers circling it.
Fact: Small businesses have credit card numbers, protected health information, employee data, personally identifiable information and other data that hackers can use to take out loans, steal identities, make wire transfers and complete other scams.
ETS can perform a complimentary assessment and identify the critical assets in your company. This will help you figure out where to prioritize your areas of defense.
Fact: The majority of cyberattacks happen to small and midsize companies. They’re attractive to hackers because they hold valuable data and can be leveraged to break into larger companies. In 2013, hackers were able to breach Target via one of the partners in their supply chain.
Take action: Educate yourself about the threats that your business is at are at risk for. Small and midsize businesses are particularly vulnerable to malware attacks, ransomware, business email compromises, supply chain hacking, remote access trojans, drive-by downloads, spyware infections and security breaches via IoT.
Fact: Hackers are sophisticated computer criminals who are constantly refining and adapting their tactics. They are organized and ruthless.
Take action: Because cyber threats are always evolving, you should review your cybersecurity plan on a regular basis — ideally every six months — to make sure it’s robust enough and up-to-date. It’s best to engage a cybersecurity expert in this process.
Fact: Law enforcement doesn’t have the time, resources or staff to protect most companies from cyberattacks.
Take action: Internal IT resources are not the equivalent of a cyber specialist. Hire a cybersecurity professional, such as ETS. In addition, make sure your company is fully compliant with cybersecurity regulations, such as NIST, PCI, SOX and HIPAA.
Contact Us to learn more. We’re your experts.