Here are some statistics to consider:
- Security breaches due to cybercrime increased by 27.4% in 2017
- Small and medium-sized businesses have higher average costs related to malware, online attacks and phishing than large businesses
- On average, security intelligence systems, such as antivirus, save businesses (large and small) in the US $2.8 million (2017)
- Only 21% of US small to medium-sized businesses say they are able to protect against threats.
These and other figures paint a concerning picture. Small business owners (SMBs) are underprepared for constant attacks that can cost them thousands.
- Find more interesting articles in Digital Master:
- Mobile security: New study warns against Android apps
- Ransomware Attack is infecting Computers Worldwide
- More mobile threats, better mobile security
- Hackers Can Steal Information From Business Entry Points
- Business Insurance – How to Protect Business from Hackers
- 5 Step Beginners’ Guide to Create a Website
- Four key principles of good website usability
- 7 Features That Show Your Shared Hosting Plan is Secure
- How to Choose a Good Business Name and Domain Name
- WordPress Vulnerability Secured
How much is your data worth?
Part of the problem is that many SMBs don’t know what’s valuable – or, at least, everything that is of value. We lock our doors, keep cash in safes and have intruder alerts. But what about your digital data?
While it may not be that valuable to someone else, it’s invaluable to you, which is why ransomware attacks work to get YOU to buy it back. How much a company’s data is worth is often only quantified when a cybercriminal steals it and offers it back at a cost. How much would you pay for all of your data?
The aim is never to get to this stage.
All small businesses should aim to collect their valuable data and protect it.
What’s the data?
Contemporary businesses rely on a wide variety of data types. How these businesses manage the collection and protection of that data is crucial to ensuring customer satisfaction.
Your business gathers and uses data that relates to its core activities:
- human resources
First you need to decide which data types play the biggest role in the operation and success of your business.
- You might need certain data and information when you want to create a new product
- You need contact information of your clients, suppliers or leads
- When you take an order, you’ll need to collect payment card details to process the transaction and an address to send out an invoice for it
- If you want to deliver the goods, you’ll need times, dates, a courier, as well as an address to fulfill the order
- You need your accounts data for filing taxes and returns
Next, you need to know how to protect those data types.
Integrating protective measures is essential from the outset: reinforcing data management processes – through staff training and written policies – and adding safeguards at the point of access.
Following that with the deployment of a secure database, encryption, and password protected access ensures multiple layers of protection for each vulnerability.
For what it’s worth
The cost of cybercrime to you and your business will depend on what your business does, how it makes money and what form the attack is.
Financial loss is always harmful whether as a result of having to pay out to repair a compromised system, compensate customers, or to pay fines to the relevant authorities if you’re found to be in breach of legislation.
It will have a detrimental and unforeseen effect on your revenue and cash flow.
Your digital data – reports, surveys, emails, corporate information – is an essential part of the service you offer.
How much would you pay to get it back if you suffered a ransomware attack? On average, small companies are asked to pay £3,000 per user ($4,200.00).
How much time – and therefore money – would it take to rebuild your data if it was permanently deleted?
Even if you pay the ransom requested by the malicious hackers, there is no guarantee you will get your data back.
Plus, ransomware is just one type of cyberattack. There are plenty of viruses that can compromise your data and not provide you the opportunity to get it back.
Many companies shut down during cyberattacks and this has a cost. For example: an attack means you and 20 employees can’t work for two days.
If the average employee gets paid £200 ($275) per day, the attack has already cost you £8,000 ($10,980.)
Then figure in the time to rebuild your digital assets (assuming you can.) If it takes each person a week’s work to rebuild databases, repopulate address books and scour emails for invoices, purchase orders and other data, that’s an extra £20,000 ($27,450.)
Now factor in any new business you have been unable to do, what is the loss of earnings? If you turn £5,000 ($6,860) per day, that’s £25,000 ($34,310) over a working week.
Now the figure is starting to look like £53,000 ($72,740.)
Tech and protection
Of course, that £53,000 ($72,740) – or whatever your initial costs total – is before you look at other damage costs.
This may include outside technical support to clean and rebuild servers, new machines and the antivirus that people invest in all too late.
This could easily add a few more pounds or dollars to your bill.
Your bank account
If you or one of your team unwittingly gives security data to a cybercriminal, it could cost thousands.
For example, Choice Escrow and Land Title LLC suffered a data loss incident in which cybercriminals stole the company’s online banking ID and password and transferred $440,000 ($320,580) to a bank account in Cyprus.
One small marketing business in Chicago had two separate accounts accessed by perpetrators within 12 months.
The first breach was stopped by the bank, but the second account had $20,000 (£14,570) stolen in multiple withdrawals, before the business owner realized what had happened.
Fines and litigation
There are other important reasons to protect your data. In the US businesses must comply with a variety of State and Federal laws and regulations; in the UK, companies have to comply with the Data Protection Act.
Economic regions also have their own requirements that member and non-member states need to be aware of, such as the European Union General Data Protection Regulation (GDPR,) which came into effect on 25 May 2018.
Failure to manage your customers’ data in accordance with the relevant laws can result in fines, litigation, and even criminal convictions.
Penalties for not complying with GDPR, for example, are up to 4% of your annual international turnover or, for the most serious breaches, €20million ($24million/£17.5million.)
Failure to comply might also affect the ability to deliver a service or product to your customer.
Another important aspect to consider is that companies and individuals have the right to sue you, if you are the source of a breach of their data that you hold.
Although small businesses are not affected by lawsuits to the same extent as bigger companies, one statisticstates that the average small business earning $1million (£730,325) annually will spend about $20,000 (£14,600) on legal costs every year.
So it’s worth considering the impact data breaches can make on any budget you set aside for litigation costs.
To help your business protect its data, it can follow the guidelines set out in ISO/IEC 27002, the international standard for information security. Alternatively, it could even achieve formal compliance.
Businesses have a responsibility to protect the data of their employees, and breaches can endanger your colleagues: people with families and livelihoods of their own.
Some businesses even end up having to close after an attack, which means everyone is out of business and looking for a job.
By failing to protect your digital assets you are placing everyone at risk.
And what about your reputation? You might say it’s hard to quantify value like that, but if negative press and subsequent distrust means your revenue drops by 20%, it’s easier to quantify.
Equifax is not only being sued, but its plummeting share price shows the impact of distrust.
Any loss in customer trust could also hamper your future success and the reputation of your brand or business.
Your customers may reasonably think that, if you were hacked once, why couldn’t it happen again? Confidence in your brand or business can drain faster than the battery of your smartphone.
Protecting your business
- 9% of small businesses get burgled
- 0.1% of UK businesses were affected by fire*
- 90% of all data breaches affect small businesses.
You lock up at night. You have security cameras and burglar alarms. Your phone has a screen lock. You have smoke detectors and sprinklers.
And then you insure your premises and other liabilities, to make sure that if these measures don’t work, you can recoup damage costs and rebuild your business.
So, why don’t small business protect their digital assets in the same way? It costs a fraction of an attack and gives you peace of mind, just as your locks, insurance and smoke detectors do.
Learn more about the price of protection compared to the cost of a cyberattack, or discover how AVG Business antivirus can protect your small business.
Tips: AVG is one of the world’s most recognizable names in online threat protection with more than 200 million active users counting on their products and services every day for their online protection, performance, and privacy.
Their technology is cutting-edge and lets people do safely all the things they love most: from surfing, emailing, and social networking to shopping, banking, and more.
AVG‘s 2018 selection of products and services covers PCs, Macs, mobiles, and tablets.