43% of all cyber attacks are targeted at small businesses; 60% of small companies go out of business within six months of an attack and only 14% of small companies to rate their ability to mitigate cyber risks and attacks as “highly effective.”
When was the last time you reviewed your security policies? What sort of systems does your company have in place and are they carefully enforced? Weak passwords cause more than half of all data breaches, but only 24% of SMEs have strict password policies in place, and of those that do, 65% of companies say they don’t actively enforce it. Your security policies need to be reviewed every few months to make sure they’re comprehensive and enforceable. You should also be on the lookout for new strategies and technologies that you can put in place to shore up vulnerable areas of the business. Several highly advanced techniques can now help to keep your business secure and help to make sure that no one is abusing your systems, meaning that your customers are protected too, for example, Jumio mitigates online fraud with ease, and Bricata launches threat hunts based on events or anomalies.
Just as people regularly practise fire drills, you should do the same in case of a cybersecurity attack. During a cybersecurity drill, you should look at response timing on multiple levels, see how quickly individuals and teams respond and either thwart or mitigate a cyber attack and also how fast are you able to inform customers of the most current and accurate information.
Cyber liability insurance helps to mitigate the costs of an attack and is usually available both as a standalone policy, as well as an add-on to a business owner’s system. You can have first-party and third-party insurance, first-party coverage helps you to cover expenses when your network is hacked, or your data is stolen, and third-party coverage offers protection when a customer or partner sues you for allowing a data breach to happen.
If you are victim to an attack, you need to take everything offline as soon as possible as if someone has managed to access your data; you need to limit the amount of information they can get.
It is essential that you can quickly assess and block the entry point as you might be able to act quick enough to stop any data from being taken. But, you still need to check everything to ensure that nothing is lost.
Whether you have a large company or a small business, stealing or attempting to take someone’s data is a severe offence, so the authorities need to be informed immediately to commence an investigation. You will have to make all your systems and data available to the authorities, so they can see where any entry has occurred and hopefully trace it back to the perpetrator.
Before you put your services back online, it is essential to conduct a thorough audit of all your procedures and safeguards and even get an expert to come in and check your systems and advise on how they can be improved.