Disaster Preparedness Operations

How prepared is your small business for a cyber attack or breach?

Despite frequent reports in the news of cyber attacks on businesses and privacy breaches, an alarming number of small businesses are not prepared.

More than four of every 10 small business owners have no cybersecurity plan in place at all – leaving their most sensitive financial, customer and business data, and ultimately their companies, at significant risk, according to a new survey.

What’s more, one-third of companies with 50 or fewer employees report are using free, consumer-grade cybersecurity, and one in five companies use no endpoint security whatsoever, according to the survey of more than 3,000 small businesses in the U.S. and U.K. by cybersecurity company BullGuard,

Other survey findings:

  • Nearly 60% of the business owners believe their business is unlikely to be targeted by cyber criminals, however the results revealed that  18.5% of those surveyed had suffered from a cyber attack or data breach within the past year.
  • Companies that fall victim to a cyber attack can experience significant downtime that seriously impacts productivity, data privacy, the company’s reputation and even revenue. Once breached, 25% of small business owners stated they had to spend $10,000 or more to resolve the attack. As for time lost, 50% of them said it took 24 hours or longer to recover from a breach or cyber attack, while 25% reported they lost business as a result, and almost 40% stated they lost crucial data.
  • Despite these numbers, many small business owners are overly confident in the safety of their company and customer data. One in five surveyed stated their organization has zero vulnerabilities and 50% of owners stated their employees do not receive any cybersecurity training.

These findings come as Verizon’s 2019 Data Breach Investigations Report found that 43 percent of cyberattacks target small businesses, including hacking, social attacks and malware.

Here are a few tips on ensuring your small business is adequately protected against today’s cyber threats and risks:

  • Establish an off-site backup plan; Create multiple backups of critical data.
  • Consider using commercial grade cybersecurity tools on all components of your network;
  • Keep your operating system and cybersecurity tools continually updated and stay current with all patches;
  • Train staff on cybersecurity awareness and behaviors, and repeat the training often.
  • Put in place a cyber-incident response plan.
  • Restrict access to system and files to only those who need it.

Need to get started?

To equip small businesses with the education and resources to better protect their business from an attack, the Florida SBDC Network recently launched its new Cybersecurity Basics for Small Businesses program.

As part of the program, small businesses may determine their level of risk through the network’s new cybersecurity risk assessment, which is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Additionally, the network has developed online cybersecurity training to help small businesses learn basic cyber risks, common cyber threats, and strategies to secure their business and respond to an attack.

In addition to training, Florida SBDC’s professionally certified business consultants, including those at Florida SBDC at FIU, the small business development center in FIU’s College of Business, are also available to work one-on-one with business owners to help them develop a cybersecurity plan.

Read more on GrowBiz:

In the wild wild west of cyber attacks, ‘security is everybody’s job’

Cybersecurity threats are all around us, but there’s help for small businesses

Please send GrowBiz topic suggestions and feedback to GrowBiz@FIU.EDU.

Leave a Comment