Sneaky Cyber Threats that Could Impact Your Business Finances
The recent Equifax breach of an estimated 145.5 million people is the latest in a series of well-publicized cyber attacks – this one being a data breach. These cyber attacks should be a heads-up to small businesses to think about how data breaches and other cyber threats can occur. What would it mean to your bottom line if this happened and you didn’t take immediate action?
Types of Breaches
While cyber hacks such as the one at Equifax grab headlines because of their size, the unfortunate fact is that attacks can happen at any point to small businesses. According to a 2016 report, half of small and mid-sized businesses experienced a breach in the past 12 months. These cyber attacks include:
- Data breaches where cybercriminals gain access to your sensitive information, including customer credit cards, and personal information such as employee birth dates and social security numbers. Data breaches can also occur when employees access company information for their own purposes.
- Ransoms where your computer is locked, preventing you from accessing anything on it until you pay the ransom.
- Viruses that can corrupt your data.
- Fraudulent online sales. E-commerce merchants face the additional cyber threat of fake sales where illegally obtained credit information is used to make purchases that are ultimately not paid for, leaving merchants out the cost of their goods.
Types of Financial Exposure
If you experience a data breach, it may be very costly in the following ways:
- Loss of revenue. It goes without saying that to the extent you may be down or lose sales from data breaches, fraudulent online sales, or other cyber attacks, your revenue can be adversely impacted. Depending on the nature of the cyber threat and how long it impacts the business, this loss can be substantial.
- Notification and assistance (e.g., paying for credit monitoring) to those who are impacted by the data breach. While federal law doesn't currently mandate that you notify customers, state law might require you to act. Look at the National Conference on State Legislative's state-by-state list of security breach notification laws to determine whether you're obligated to notify customers and others.
- Loss of customer trust. Verizon's 2017 Payment Security Report found that 66 percent of customers would be unlikely to do business with a company that experienced a data breach exposing sensitive information. Winning back customer trust can take substantial time and require significant costs.
Types of Protection
Given the scope of the threats you face and the financial cost it can bring to bear, you must be proactive in your efforts to protect yourself, your customers, and the business.
Systems protection. Be sure that your data is protected by using best business practices:
- Use anti-virus protection. This software protects against malware that can infect your system.
- Install a firewall. This is a first-line of protection against incoming threats.
- Backup data. This helps protect your business in case of ransoms. You can choose not to pay a demand, but still be able to reinstall software and backup data to your computer.
- Online payment compliance. Those with e-commerce should be compliant with standards set by the PCI Security Standards Council. Check with your payment processor for assistance.
- Adopt other best business practices. For example, decide who has access to your company's financial information. Require better password protection for those with access to your network. Educate employees about the importance of complex passwords and opening questionable websites on the company's network.
Cyber insurance. Your Business Owner's Policy (BOP) likely doesn't cover financial losses resulting from data breaches and other cyber attacks. Cyber insurance policies cover the costs of notification, data reconstruction, and other financial costs resulting from data breaches to ransomware. The amount of coverage and extent of protected risks vary by policy.
Legal action. If you've been impacted by a cyber attack, consider legal action. For example, a class action lawsuit was filed on September 19, 2017, against Equifax on behalf of 28 million small businesses. Their ability to obtain business credit depends on the owner's personal credit rating, but unlike consumers, these businesses must pay to access their business credit reports via Equifax.
Cyber security should be a priority for all small businesses. Understanding the severity of the problem is the first step in securing your company's data and protecting yourself from cyber criminals.