Think your business is too tiny to get hacked? Think again. Attacks against small businesses are rising in number and diversifying in type.
Cybersecurity thefts last year cost businesses an estimated $450 billion — and a growing portion of those were against small businesses, said Brett Hansen, the executive director of Dell Data Security Solutions. He and Michael Kaiser of the National Cybersecurity Alliance sketched out the threat landscape and recommendations for small business security at this year’s South by Southwest Interactive conference in Austin, Texas (watch full video here or below).
The data on attacks can look daunting, prompting some small business owners to just rely on legacy technology or, worse, the hope they can fly under hackers' radar. The good news is that no one is facing the threat alone and, with some structured thinking and appropriate technology, the risk can be mitigated.
“What a CSO is facing at a large company is no different than what a CEO is facing at a small company,” said Mr. Hansen. That boils down to: “I need to balance a mobile, productive, collaborative, efficient workforce, getting my business done as effectively and efficiently as possible, but at the same time maintaining a risk profile that will allow me to protect myself.”
Here are some of the emerging threats that can prove crippling for small businesses:
- Bank account hacks. Hansen notes that there has been a significant growth over the past six months in small business bank accounts getting hacked. The average loss is $35,000.
- Ransomware. This type of malicious code downloads to your computer and encrypts everything on the device – and potentially across your entire network. The average cost for a small business is $25,000.
- Intellectual property theft. This is a particular risk for IT and technology-focused companies.
Many businesses are inundated with cybersecurity solutions offered by an array of vendors. Hansen recommends taking a step back and thinking through your specific security problems before wading into the marketplace filled with promised solutions.
Step 1: Do a data inventory. What are the things I need to protect? And where are my data crown jewels kept?
Step 2: Ask yourself, how does the day-to-day conducting of business put that data at risk?
Sept 3: Only now should you ask, how do I build a solution to address those risks? “If you jump right to solution, you are openly going to fail this endeavor,” said Hansen.
These talks were part of a series of discussions hosted at Passcode's booth at SXSW. See all that Passcode, Dell, Mozilla, and the Center for Democracy and Technology were up to at SXSW and watch the other talks.