Why Neglecting Cybersecurity Can Destroy Your Small Business and 7 Steps to Get Started

Cybersecurity is a hot topic, and it’s one you shouldn’t put off acting on any longer. Many small business owners tend to put it on the back burner, but if there is an incident, your business, your reputation, private financial data for your company and your customers, and potentially your entire infrastructure can be destroyed in an instant.

If you’re still waffling or waiting to address cybersecurity, here are a few things to consider:

  • The Denver Post reports that more than 60 percent of small businesses affected by a cyber attack are out of business within six months, and the average cost of cleanup for a small business is $690,000.
  • Small and mid-sized businesses account for 62% of all cyber attacks — about 4,000 per day.
  • 50% of small and mid-size businesses have been breached in the last 12 months.
  • “Primary consequences of a cyber attack include business disruptions, loss of information, loss of revenue, and damage to equipment.” (Ponemon Institute 2017 Cost of Cyber Crime Study)

Small business owners in particular often think they’re not as at risk because “the stakes are low” or there is little worth stealing, versus a large corporation with more dollar signs floating around. But criminals often view small businesses as easier targets, because they are perceived not to have the resources to secure sensitive information. According to Ponemon, smaller organizations “experience a higher proportion of cyber crime costs relating to malware, Web-based attacks, phishing, and social engineering attacks and stolen devices.”

What is at risk? At minimum, a breach of security can expose bank information, customer data, proprietary intellectual property and trade secrets. And because of risk to exposure of manufacturing supply chain information, minimum cybersecurity requirements are now required for all small businesses who contract with the Department of Defense (DOD), General Services Administration (GSA), or NASA.

It’s also important to remember that good cybersecurity isn’t just about “bad guys.” Only 48% of data security breaches are caused by malicious intent. The rest are a combination of human error and system failure, including both technological failure and those caused by flood, fire, and other natural disasters.

Before a breach or event happens is the best time to identify your risks against various kinds of cyber threats (malicious or otherwise), audit your current level of cybersecurity, and take action to guard valuable data and systems. We know it can be an overwhelming topic but we hope we’ve convinced you of the need to get started. Here are 7 resources and tips to help you proactively bolster your small business’s cybersecurity.

  1. For most small businesses, the SBA cybersecurity overview is a great place to start. It features a wealth of information introducing cybersecurity tips and best practices, tools for small business owners, and additional cybersecurity resources.
  2. Check out this overview of cybersecurity basics, with simple descriptions and basic steps, presented by Pat Toth, NIST MEP Cybersecurity Program Manager and keynote speaker at the Polaris MEP Cybersecurity Conference in 2017.
  3. The National Institute of Standards and Technology (NIST) MEP presents cybersecurity resources for manufacturers, including information about the DFARS compliance requirements and a cybersecurity assessment tool for small manufacturers.
  4. Polaris has also produced a webinar on DFARS Cybersecurity for Defense Suppliers.
  5. Complete a digital security checklist (an example is found in the second half of this business security audit, but tailor it to your business as needed).
  6. Train your employees to use good digital security practices, and test and enforce company policies.
  7. Establish an emergency incident response plan, to prepare for the threat of a breach, human error or system failure.

RISBDC business counselors are also available to help small businesses take steps to improve cybersecurity. However you go about it, don’t wait any longer to secure your digital assets!