What Does Your Business Stand to Lose in a Cyber Attack?

used with permission from Microsoft US Small and Midsize Business Blog

Not long ago, I blogged here about a new type of cybercrime called ransomware. But when it comes to cyber crooks, apparently they’re also using some old-fashioned methods to breach businesses’ systems. The 2017 Annual Cybersecurity Report from Cisco shows cybercrime is growing. Here’s what could be at risk for your business.

How are cyber crooks getting in?

While highly complex cyber attacks are increasing, the Cisco report notes that “classic” attacks are on the rise as well. For example, adware that gathers information about a user’s computer without telling them and malicious spam emails are common attack methods. In fact, spam is flying at levels not seen since 2010. According to the report, almost two-thirds (65 percent) of all email is spam, and 8 percent to 10 percent of spam is malicious.

Another risk for businesses is when employees select and use their own third-party cloud apps on company computers. Respondents to the survey say more than one-fourth (27 percent) of employee-introduced cloud apps led to “significant” security issues for their companies.

What do you stand to lose?

Of course, money is at stake in any cyber attack — but businesses, especially small ones, often lose much more than that. Security breaches can affect all aspects of a targeted company, from its operations and finance to its brand reputation and customer loyalty.

More than half of businesses surveyed that had their data breached were subjected to public scrutiny as a result. They also suffered some measurable losses:

• 29 percent of businesses that were breached lost revenue; 38 percent of those lost more than 20 percent of their revenues.
• 23 percent of businesses lost business opportunities after a cyber attack; 42 percent of those lost more than 20 percent of their potential new business.
• 22 percent of businesses that suffered a cyber attack lost customers; 40 percent of those lost more than 20 percent of their customers.

How can you protect your business from a cyber attack?

Keeping your small business safe from cybercrime requires constant vigilance to stay on top of new threats. The task may seem so daunting that you’re tempted not to bother — but as the figures above show, no small business owner can afford to take that risk. Here’s what you need to do to protect your business from cyber attacks.

1. Develop cybersecurity practices for your business, including both technical and behavioral protections.
2. Guard your systems with firewalls, antivirus software and automatic updates of operating systems and software.
3. Regularly test the security of your systems. Cyber criminals never rest, and neither can you.
4. Make your employees your first line of defense. Educate employees on the importance of following your cybersecurity policies, such as changing passwords frequently, not opening suspicious emails and not downloading software or connecting to unauthorized cloud services on company computers. Enforce consequences for not following the policy.
5. Identify common methods that cyber criminals use. Emails that appear to be from someone within the company or spam emails with unusual attachments or hyperlinks are things to watch out for.
6. Always back up your data in case of an emergency, and choose a backup system that lets you restore your lost data quickly.

The most important step in protecting your business from cybercrime is taking cybersecurity seriously. As the leader of your business, you need to model the behavior you want your employees to follow when it comes to keeping your business data and networks safe from intruders. Devote time, effort and a chunk of your budget to cybersecurity, and your employees will see that you mean business when it comes to protecting your business.