Part 1. An Overview
Cybersecurity needs to be a strategic aspect of your business. What are the important assets of your business? Well, certainly your plan and vision for the service or products. If you have a retail operation, then add in your physical presence and location. Also important are your inventory, suppliers, and employees. But your clients and customers are among your most crucial assets. All of the above roll up into how people see your business: quality products or services and your reputation in your community.
Now imagine that your information regarding clients, suppliers, employees, and your financial activity is stolen by a hacker. This is not an acceptable response: “Oh, I’m not concerned about that. We’re just a small business. Nothing like Target or Experian or one of the megabanks.”
If your customers’ data is stolen, you will have to inform them of the breach and possible compromise of personal information, possibly including checking or credit card accounts. Imagine the hit your business reputation will suffer. Trust can be wiped out in an instant and may take months or years to recover.
Industry wide, some hackers are concentrating on small or fledging businesses because they assume many have not addressed the serious consequences of having some or all of their business assets attacked. Where might this attack come from? It could be as simple as your email inbox!
First, let’s start with an overall view of why putting your cybersecurity in place is so important. Let’s take a quick look at the terminology.
• Ransomware: Having your business information encrypted and having to pay to get your information back to a useable form.
• Phishing: Legitimate-looking email requesting you confirm your account login information for security reasons.
• Data breach: The stealing of complete copies of your business working data such as banking accounts, customer and supplier data, employee information, marketing and sales plans, etc.
Beyond the initial shock of the information loss, there will be concomitant costs. First and foremost is the loss of trust your business suppliers and customers have placed in you. There may be downtime while you recover or reconstruct the affected data. There may be legal costs regarding remedy or protection for your suppliers, customers, employees, and so on. Just mentioning “Identity Theft” to someone can cause worries about months of correcting financial liabilities and, possibly, false tax filings.
These hacking tactics and the recovery time and money required are not just an IT responsibility. To a small business, it probably will be an issue of survival!
Addressing cybersecurity efforts must originate at the business-owner level. If business owners have not made cybersecurity a priority, it will be too easy to put off these tasks. It’s too easy to find “more immediate or important things” to work on.
In well-run businesses, each employee knows the strategic and tactical plan for keeping the business healthy. There are things that personnel at all levels of the business can do to protect company assets.
You should at least explore what professional help could do for you to get cybersecurity plans, protocols, and education started. If you wouldn’t be comfortable rebuilding a computer server or fixing a damaged CRM database, you will likely be better served by having professional help.
Cybersecurity isn’t a one-time project or a “set-it-and-forget-it” task. It requires ongoing attention. Hackers evolve their tactics constantly, and your defenses must evolve too. It’s a game of leapfrog—each time a new threat emerges, your systems must adapt. That’s why regular security check-ups are essential to keep your business protected and up to date.
Small businesses do not usually have the financial resources of a big company such as General Electric or Citibank. An important consideration in using consultant help is choosing someone who understands the needs and financial constraints of operating a small business.
To help frame the topic of cybersecurity, an analogy might be helpful. Having cybersecurity plans, protocols, and tactics in place before a hacker attack is attempted is a form of Loss Prevention. It’s also very much like insurance. You don’t need it until your business is attacked and then, nothing else will do.
See Part 2. A Brick-and-Mortar Look at Cybersecurity
William M. Hand, President, PC Assistants, Inc.
Remote and On-Site Computer Support for Office and Home
(262) 853-4089
[email protected]