When I think about cybersecurity attacks, I typically think about larger businesses being the targets. However, businesses of all sizes are vulnerable to cyber-attacks. I asked local cybersecurity expert Todd Mitchell, owner of CyberSecurity4Biz, to explain ways in which small local businesses are vulnerable. Todd told me, “Attackers often target point-of-sale (POS) systems, installing malware that steals credit card information when the POS system is used.”
Todd provided these examples of other vulnerabilities:
- Retail and restaurant websites and applications rely directly on incoming traffic for revenue; thus, distributed denial-of-service (DDoS) extortion is potentially lucrative. A sophisticated DDoS attack can bring down a site in a matter of minutes.
- Payments are processed, so credit card fraud is constantly being attempted.
- Customers must be able to access their accounts, which gives hackers the ability to stuff credentials (i.e., they attempt to hijack accounts by entering email and password combinations that were stolen from other sites).
- Customer accounts contain a lot of valuable personally identifiable information, which entices hackers to breach the retailer’s back-end systems and steal account data.
- Web users can often upload their own content (e.g., reviews) to online stores, and thus spambots are rampant.
- Disgruntled employees may steal confidential information from the retailer through online storage tools or USB drives.
If you own a small retail shop in downtown Fredericksburg, you may have read the list above and thought that none of it applies to you. However, you have likely collected personal information on many of your clients in developing email lists and customer reward programs. Did you know that if you are subject to a breach and that personal information is potentially compromised, you are liable to provide each customer with identity theft insurance that costs $200 per customer? If you have information on 1,000 clients, you have a potential cost of $200,000.
Here are some cybersecurity statistics you should be aware of:
- 43% of cyber-attacks target small businesses.
- 60% of small businesses that are victims of a cyber-attack go out of business within six months.
- Small businesses spend an average of $955,429 to restore normal business in the wake of successful attacks.
- 54% of small businesses think they are too small for a cyber-attack.
- 25% of small businesses didn’t realize cyber-attacks would cost them money.
- 83% of small businesses haven’t put cash aside for dealing with a cyber-attack.
- 54% of small businesses don’t have a plan in place for reacting to cyber-attacks.
A cybersecurity assessment will identify where your business is vulnerable and help you create a plan of action. An action plan or cybersecurity plan should include steps the business will take to keep data safe, user training, guidance on securing email platforms, and advice on protecting the business’s information assets.
A complete assessment and action plan will include:
- Potential risks and vulnerabilities
- Shared accounts
- Strong Passwords
- User access (need to know)
- Two-Factor Authentication
- Data Backups
- Securing your network
- Your role in cybersecurity and protecting privacy
- Best practices in security and privacy
The UMW SBDC is here to help. If you would like to have a free, confidential cybersecurity assessment and action plan, please contact your UMW SBDC consultant. If you are not already a client, please complete a Request for Consulting form at umw.edu/sbdc and indicate that you need assistance with cybersecurity. We will contact you to schedule an appointment.