As a small business owner, it may be easy to brush off cybercrime as an enterprise problem – why would criminals target small operations? Yet, small businesses are often the easiest targets for cybercriminals because they’re the most vulnerable. Forty-three percent of all cyberattacks in 2015 were targeted at small businesses, according to cybersecurity technology company Symantec.
“I think a lot of SMBs are aware that security is important, but it easily falls to the bottom of a long to-do list,” said Tony Perez, GoDaddy’s general manager and vice president of security products. “The biggest question is always, ‘Where do I even start?’ That’s the big thing GoDaddy is working to address by making it simple and easy for SMBs to implement proven security protocol.”
If you’re a small business owner with a website and no security measures or practices in place, you could be at risk. The exact situation is different for each business, but Jorge Rey, chief information security officer for accounting firm Kaufman Rossin, said it’s important for all business owners to assess their vulnerability and determine whether security solutions are needed.
“A lot of times, we don’t make decisions because we believe it’s not going to happen to us,” Rey said. “Small businesses really have to think about how their customers are going to feel after a data breach or how their business is going to be impacted.”
Assess your own risk
Security problems can arise in two main ways: as outside hackers or internal threats. While it’s important to consider outside data breaches, you should look at your internal IT infrastructure policies as well.
“Within your own network, do you know where your sensitive information is? Do you know who has access to it? Have you thought about how access should be restricted?” Rey asked. Small business owners may not “put too much attention on the back office, so you’re not thinking about all of the things that could go wrong.”
Once you’ve analyzed your internal risk, Rey suggests looking at what data you work with and consider its worth to a cybercriminal. If you run a successful e-commerce business where you process and store sensitive credit card information, your security measures will be different from a small business that only has a Google listing online.
A more concrete way to consider your cybersecurity situation is to use the Gordon and Loeb model. Perez said that breaking down estimated loss and risk, and identifying investments and savings can help a small business get a full view of their cybersecurity situation. The model may involve some complicated math, but ballparking potential savings and the cost of investment can give you an idea of where your business stands. Perez provided this basic chart to help.
|1||Estimate Loss||Estimate your loss if a breach were to occur ($Loss)|
|2||Estimate Risk||Estimate the probability of loss from said breach (%Risk)|
|3||Identify Investments||What investments could you make ($Invest)|
|4||Estimate Savings||For each investment, estimate reduction in probability of breach (%save)|
|5||Calculate||Potential savings = ($Loss) X (%Risk) X (%Save)|
Read more: https://www.businessnewsdaily.com/5531-identity-theft-prevention.html