Cybersecurity breaches are grabbing more headlines than the Kardashian clan, or so it seems. Major companies continue to release information about new cybersecurity compromises, which should make you think about the threat to your business. As if you don’t have enough on your plate as a budding entrepreneur, cybersecurity is as essential to running your company as marketing or bookkeeping.
A lot happens when hackers compromise your data. This is true whether the breach targets data on millions of people (like the Equifax breach) or steals a few customers’ credit card information. Cybersecurity breaches can:
- erode employee and customer trust,
- generate unflattering publicity,
- create unbudgeted expenses,
- decrease shareholder value, and
- lead to legal and regulatory liability.
According to the Ponemon Institute’s 2018 Cost of Data Breach Study, the average cost of remedying a data breach is a stifling $3.86 million—a fatal blow to most small businesses and startups. According to the same study, one in four companies will experience a breach at some point.
Naturally, cybercrime is a growing enterprise itself as people increasingly rely on digital services and data storage. More than three-quarters of Americans own smartphones—and that number continues to rise. Data means dollar signs for criminals, and with a rise in anonymous crypto-currencies such as Bitcoin, cybercrime is a relatively low-risk way to make money. According to a Flashpoint study, Russian hackers who use ransomware can earn over $7,000 per month. In a country where the average monthly salary is equivalent to about $500, the incentive to be a hacker is high.
Here are two common ways cybercriminals target your data and what you can do to mitigate the risks:
- Ransomware: Hackers send thousands of emails containing a link or attachment that can infect your computer with a virus. The virus then encrypts the data on your computer. The hackers then demand a ransom payment in an email or a pop-up window. One way to avoid paying the ransom is to back up your data often, wipe the system clean after the threat, and start over from the last backup. If your business isn’t in the habit of backing up its data, you may opt to pay the ransom (typically ranging from hundreds to thousands of dollars), but there’s no guarantee that the criminals will return the data. Global ransomware costs in 2017 are expected to exceed $5 billion. The best solution, of course, is to prevent the infection in the first place by avoiding suspicious links or attachments and using up-to-date antivirus software.
- Phishing: Cybercriminals convince employees to willingly hand over sensitive information such as email or bank account details. As criminals get more sophisticated, they create more polished, legitimate-looking company communications to get usernames and passwords within a company. Phishing scams usually target large groups of people, but occasionally they take a more personal approach — perhaps a hacker posing as a banker asking an employee to confirm login information. Much like preparing for ransomware attacks, taking the appropriate preventative steps are the best way to safeguard your company against phishing. Make sure your employees are aware of warning signs and establish procedures if they believe something is suspicious or if a system may have been breached.
Becoming a victim of cybercrime takes only one wrong click on an attachment or URL. Teach your employees be cautious when opening their email. If you are compromised, shut down the access and accounts of compromised devices and alert law enforcement. Consider purchasing data breach insurance and using password management tools. Back up your data regularly and use anti-malware and anti-virus software to keep your company’s data — and your livelihood — safe from hackers.