You hear on the news all of the time about big cyber attacks such as ransomware on large corporations, and even government agencies. The trouble with this news coverage is that is suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small businesses represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of the Target data breach back in 2013.
If
you're a small business, then you're a target for cyber criminals. Last year,
71% of small to medium size businesses were the victims of cyber attacks.
Today's concern is how you would respond to an attack. 31%
of small to medium businesses do not have an incident response plan for
responding to IT security breaches, and 22% admit that they lack the expertise
to make such a plan. A data breach can have a disastrous impact such as loss of
revenue, loss of reputation, or can even cause your small business to fail (see
this
article about the 300 employee telemarketing firm in Arkansas that went out
of business in December 2019 after a ransomware attack).
Your incident response plan determines whether it's a
survivable disaster. You need to have a statement for customers ready, (47
states require businesses to disclose data breaches), you need to be able to
quickly access backups, and you need access to professionals with experience in
disaster recovery and business continuity. Cyber insurance can help too.