10/29/2024 | Press release | Distributed by Public on 10/29/2024 22:05
Forty percent of small businesses experienced at least one cyberattack last year, according to one estimate. The cost to pay a ransom or clean up after a data breach can be devastating, clocking in anywhere from tens of thousands to millions of dollars, enough to put a company out of business.
The difference between a deflected or averted attack and one that's catastrophic can come down to the right defenses, smart preparation, and quick action in an emergency.
There are three reasons that small businesses are increasingly being targeted by cybercriminals, according to Rohit Ghai, CEO of Burlington, Massachusetts-based RSA, a global leader in identity and access management. Speaking at a recent conference, he said that hackers are looking to small businesses because they're increasingly connected to digital services, they're seen as less prepared to withstand a cyberattack, and they can be a conduit to attack larger businesses that are their clients.
Joining him on the panel was Tiffany Ricks, founder and CEO of Brooklyn-based HacWare, which helps companies guard against phishing and social engineering attacks.
"We have to think about cybersecurity as an arm to help us do business more effectively," she said, noting the financial, reputational, and business disruption costs that can follow a cyber incident. Cybersecurity should be an ongoing effort, she added. To that end, Ricks and Ghai shared some cybersecurity pointers for small businesses.
There are major steps companies can take to improve their cyber hygiene.
The Cybersecurity & Infrastructure Security Agency, a government agency tasked with securing the nation's digital infrastructure, offers tools and guidance for small businesses to get started.
There's a security saying: it's not if your company will be hit, but when. And even if your company isn't itself the subject of a cyberattack, an outage at a key vendor can disrupt business, as a faulty software update by CrowdStrike and the Change Healthcare ransomware attack illustrated. Know in advance what you'd do in the event of a disruption: How could your business continue to operate if a key system goes down?
Identify your "crown jewels," which are your most valuable data or systems. Most hackers are economically motivated, so they're looking to lock up whatever they believe can be resold, can be used for financial gain (such as credit card numbers), or is so critical to running your business that you'll pay a ransom to get it back.
In fact, hackers often lurk in systems for months to figure out what a company's crown jewels are. Those are the systems that you'll want to expend the most effort securing and backing up, and the first that you'll want to lock down if you notice any strange traffic or signs of an intrusion.
Know who you'd call in an emergency. That might be your lawyer, your cyber insurer, or an incident response company. Depending on your state and industry, you may also be required to notify a government agency.
Ricks advised anyone facing a ransomware attack or cyber incident to remember the acronym CAN: Contain, Assess, Notify. Try to contain the breach by changing passwords or taking systems offline. Assess the scope of the damage. Then, notify the relevant stakeholders, which you've hopefully already identified.
This article was written by Jennifer Conrad from Inc. and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to [email protected].