Cyber attacks happen every second across the world, to businesses of every size in every sector. Headlines broadcast a new cautionary tale every day, making it clear that even for companies with security measures in place, all it takes is a single employee error or a small crack in the armor to bring about a breach.
It’s true that no business is completely immune to an attempted attack. However, some have more to lose: 60% of small businesses go out of business within six months of a cyberattack. It’s those without a good defense or recovery plan that often can’t bounce back. So what can they do to protect themselves?
In short: Be proactive with cybersecurity, don’t cut corners, and plan for the worst.
The Crippling Cost of a Business Breach
The average cost of a breach can be devastating – for small to medium-sized businesses, Kaspersky Lab estimates the average is around $86,500 – but dollars aside, the cost can be immeasurable. Reputation, insurance rates, credit scores, investments, and customer loyalty are all at stake. All told, costs to recover from a breach can total upwards of $100,000.
While enterprise organizations may have more desirable assets for ambitious thieves – large amounts of customer data, for example – growing businesses can be even more vulnerable. (Especially those small businesses that act as vendors for large enterprises.) There’s often more on the line, less collateral, and fewer contingency plans. Imagine if a small business owner personally targeted by a ransomware attack was to give up the business’s credit card information – a highly efficient attack that could take both him and his business out at the knees. If his company were a vendor for an enterprise, that enterprise would also be at risk.
IT Security: A Worthy Investment
None of this is breaking news, and as a result, we’re seeing a positive trend in both awareness of security threats and a willingness to expand IT budgets for better protection. But businesses still aren’t making investments in IT security a top priority. It’s seen more as a necessary evil than a valuable investment in the future.
An IT Security Risks survey shows that while businesses have typically cited compliance, breach notification regulations, and new IT infrastructure components as top reasons for upping IT security spend, some new, less anticipated reasons show a shift in mindset from 2016 to 2017. Businesses are citing more cash flow, more complex transactions, demands from customers, and pressure from new investors and shareholders as reasons to double down on security. This sends a clear message to growing businesses: No matter how small you are, with growth comes a requirement for smarter security. Better security is not a wasteful, “worst case scenario” cost center – it’s an insurance policy for that growth.
Weighing The Cost of Proactive Security
The hesitation to allocate more funds from already shrinking IT budgets likely stems from two assumptions: “It might not happen to us,” and “I can’t afford a full-time security expert.”
It would be a mistake to make the first assumption, as we’ve seen time and again that no business is immune to a threat.
The second reservation, however, is valid: Employing a full-time security professional in-house is likely too expensive for many growing businesses. While it would seem that cyber terrorists never sleep, most SMBs can’t afford around-the-clock talent or find that talent scarce. Businesses know they need to spend money to protect themselves, but what they might not realize is spending now can be much more affordable than spending later.
Of the average $86,500 lost during a breach, small businesses typically spend around $14-21K on outside security experts to help them rebuild. There are also costs like legally required breach notifications, public relations experts, new software, and training to use that new software. Of those potential costs, one stands out: Hiring a security expert to clean up the mess. If businesses were to hire security experts proactively, how much could they save?
The Cost Savings in Being Proactive with Freelancers
What if, instead of facing tens of thousands of dollars in the wake of a breach, businesses turned to flexible, affordable freelance help to ward off expensive data breaches?
Businesses can engage a freelance security expert to audit their network security, create step-by-step recovery plans, and more. This can be done on an as-needed basis, prioritizing security tactics and knocking them out systematically. Here are some tactics to address common breach-causing vulnerabilities.
- Consulting on best practices and employee education. Be sure every employee is aware of best practices, so they’re less likely to be victims of a phishing attack or social engineering scam. You can even “phish test” your own team to make them more aware of the tactics phishing scams use to social engineer.
- Penetration testing and “ethical hacking.” Businesses can hire network pentesters and to hack their own networks and run penetration tests to locate vulnerabilities.
- Implementing policies, protocols, and standards internally, with outside vendors, including freelancers. This prevents individuals from having inappropriate access to IT resources.
- Updating software and systems. Updates aren’t just pesky reminders; they contain patches that help keep systems guarded against common security threats. Older versions are more susceptible to viruses and malware, and often have known vulnerabilities (hence the patch) that hackers can exploit.
- Putting breach detection measures in place. The longer a breach goes undetected, the more data is likely to be leaked.
- Addressing endpoint security. If you have a BYOD (bring your own device) policy or have distributed teams, endpoint security and encryption can ward off the loss of data some 54% of businesses have experienced due to lost devices.
As businesses ask common questions like “Will it happen to me?” Or “Is my company next?” The question they should really be asking is: “What can we do to prevent it?” With the help of top-notch freelance security experts, businesses can avoid financial and other losses in the wake of a breach by having a solid strategy, good recovery plan, and the best defenses.
This article was written by Carey Wodehouse from Business2Community and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to firstname.lastname@example.org.