“I don’t need to do more smart things. I just need to do fewer dumb things.”
Keith Cunningham made this correct observation in his book “The Road Less Stupid.”
Many smart business owners make DUMB decisions when it comes to cyber security. These choices are often based on gross ignorance about what can happen, or on the desire to stick their heads in the sand to avoid spending money and time on protecting their assets.
One of the biggest mistakes is thinking you won’t get hacked because you’re too small, or because you “don’t have anything the hackers would want.” Allow me to point out: you’re not too small to get hacked, but you are too small to make headline news. Millions of small businesses get hacked every year – they simply don’t talk about it because of the potential liability, bad PR and loss of client and marketplace trust. They’re embarrassed.
Further, you’re right – hackers, for the most part, don’t want your ‘stuff’, they want the medical records, credit cards, social security numbers, etc. that you have stored. Those are very valuable digital assets that can be sold on the dark-web marketplace – and cyber criminals are in it for the money.
YOU want your stuff.
Cyber criminals will kidnap your information and hold it for a ransom to extort money from you. The majority of kidnappers don’t steal a child because they want to start a family. They steal your children because YOU want your children and they know you’ll pay anything to get them back, safe and sound. This is why it’s called ransomware.
When all of your work files and e-mails go away, very few businesses can pick up from ground zero and keep operating without any losses. Perhaps the solo operator working from home can, but certainly not a small business that has been operating for several years with multiple clients and employees producing work for clients.
60% of small businesses CLOSE FOR GOOD within 6 months of being hit by ransomware.
This usually leads to the question: “Since I’m going to get hacked anyway, why bother spending so much money on cyber security? I’ll just get an insurance policy, back up my data and take the hit.”
While that might sound logical, here’s why it’s a gloriously stupid plan…
Cyber security insurance companies are in business to make money, NOT pay out policy claims. A few years ago, cyber security insurance carriers were keeping 70% of premiums as profit and only paying out 30% in claims. Fast-forward to today, and those figures are turned upside down, causing carriers to make drastic changes in how cyber security liability insurance is acquired and how coverage is paid. In fact, the CEO of Zurich Insurance Group recently predicted that cyber-attacks are set to become uninsurable.
Today, getting even a basic cyber security liability insurance policy requires you to prove you have certain security measures in place, such as multi-factor authentication, password management, endpoint protection and tested and proven data backup solutions. These carriers want to see phishing training and cyber security awareness training in place, and some will want to see a WISP (written information security program) or a business continuity plan from your organization. Depending on the carrier, your specific situation and the coverage you’re seeking, the list can be longer.
JUST having your data backed up is no longer enough.
Hackers are on to data backups and create ransomware attacks to not only take your data but also corrupt your backup. The additional threat is that if you don’t pay, they’ll release your files online for all to see, including payroll information, ALL e-mail communications, client contracts and more. Do you really want that in the hands of competitors and the general public? Insurance won’t cover that.
Having cyber-protections in place cannot guarantee you will never get hacked, but it CAN dramatically limit the damage done and absolutely will block the majority of attempts, preventing you from being low-hanging fruit.
Wearing a seat belt, having a safe car and practicing good driving behaviors (like not texting while driving) won’t guarantee you’ll never be in a car wreck – but if you do those things, the risk of getting into a crash goes down dramatically AND your chances of coming out alive and unharmed will obviously increase.