Do you know that 43% of online attacks target small businesses? This was based on a Version 2021 Data Breach Investigation Report. So what does this information reveals? Well, it shows the importance of protecting your employees, business, and customer information against these threats and avoiding facing remediation costs. For our discussion today, Forbes shared 5
Cybersecurity Questions for small businesses. Without further ado, let's dive in:
What are the biggest cybersecurity threats for SMBs right now?
They mentioned that ransomware is a hot cybersecurity threat right now, affecting major companies and small businesses. This is where these hackers would hold on to the data unless a certain amount of money is paid, but we know this can not be trusted. It is vital to have proactive maintenance to stop these hackers from accessing your network.
Do I have to have a designated information security expert on staff or a third-party trusted information security and risk advisor?
It is essential to have qualified individuals who know how to handle these business threats, but relying on an internal IT employee or third party depends on several factors such as the range of tech your business uses, security policies, etc. If you do outsource, this can be an excellent investment over time and allow your team to focus on other functions of the business.
How much should we be spending on information security-related tools and controls?
The writer shared that this question also varies due to your industry, company size, customer expectations, etc. But a valid point that he made was that "It is usually less expensive to prevent a cyberattack than it is to recover from the financial and reputational costs of one."
How much training should we be giving our employees and where should we start?
A great practice would be to build a firm foundation of strong security practices and have regular reinforcement through training tools to test their knowledge. Employees need to know their role in protecting the company's image, customers, and themselves.
How should we respond if we're breached or experience a cyberattack?
Many businesses dont have an incident response call in the event of an attack. In fact, one study found that 30% of small businesses haven't created one? Although there is no defined approach, the writer shared key elements to start an incident response plan. Here are some:
- Shut down part or all connected systems and resort to the backup system.
- Contact vendors and, if necessary local or federal law enforcement.
- Once the threat is contained, assess the impact and make adjustments.
- Recover or repair, implement new controls, and update stakeholders, customers, and employees.
What about you? Do you have an incident response plan in case? I hope this helps you realize the magnitude of data pricy and security with these changing technological advancements and new threats. I encourage you to review the article in detail! It is a great resource. Until then, I hope you have a fantastic weekend! Take care, my Community friends.
