Cybercrime is big business, more profitable than the global trade of all major illegal drugs combined and estimated to cost the world more than $6 trillion annually by 2021, according to the Official CyberCrime Report published by Cybersecurity Ventures. And the current COVID-19 pandemic, which has more people working from home where they may have less cyber security, will only add gasoline to the fire. Hackers thrive on chaos, whether it’s real or perceived.
Stories about hacks of large corporations like Target, JP Morgan and Equifax may lead small business owners to believe their operations aren’t big enough to attract the attention of cybercriminals. But they are. Unfortunately, our business recently became one of those millions of examples.
Earlier this year, the wire transfer of a large commission payment for our successful sale of a construction business was diverted to an account in the United Kingdom, which was closed instantly after the theft. That money represented the forecasted revenue for the first quarter of our fiscal year. What we’ve learned in trying to recover it is that without cybersecurity insurance, and even with it, you fight an uphill battle that involves tremendous amounts of time, cost and stress, in an arena where fault is extremely difficult to assign. We are still battling and hoping, but as time continues to pass, we’ve grown weary with the thought that our lost commission will be just that–a loss.
Our advice to you: Protect your data and your business! Talk to your insurer about cyber protection if you haven’t already. Evaluate your risk of data breach and learn how to safeguard your business by accessing The Cybersecurity Toolkit for Small Businesses, created by the Global Cyber Alliance. It’s free of charge and allows owners of smaller firms to navigate the confusing array of advice, shore up cyber defenses and reduce cyber risk.
This toolkit incorporates guidance from some of the world’s leading cybersecurity organizations, including the Center for Internet Security (CIS) Controls, the UK’s National Cyber Security Centre Cyber Essentials and the Australian Cyber Security Centre’s Mitigation Strategies, and explains how to:
• conduct inventories of devices and applications so business owners can act more quickly to protect them
• update security settings of devices to identify any issues automatically
• protect accounts with strong passwords and two-factor authentication
• access a range of tools to prevent common attacks and ensure devices are backed up in the event an attack does occur
• protect the company brand and ensure emails and websites are not being used fraudulently or for malicious purposes
• implement policies and train employees to identify and avoid phishing emails.