Your business isn’t huge, but it is chugging along nicely. And as it matures, so does the ransomware designed to attack it. That means the odds are growing that your company is going to get hit. Symantec’s 2016 Internet Security Threat Report states that phishing campaigns alone target small businesses 43% of the time. [1]

  • 50% of SMBs have been breached in the past 12 months. [2]
  • Of the SMBs who claim to have suffered a breach, 60% of employees use the exact same password for everything they access, while 63% of confirmed data breaches leverage a weak, default or stolen password. [3]
  • 60% of small companies that suffer a cyber attack go out of business within six months. [4]

JP Morgan Chase made news with their $500M budget for cybersecurity in 2016, in step with Bank of America’s Davos announcement that cybersecurity spending would not be constrained. [5] And your smaller organization has about $680,000 – $1M [6] set aside to make it through a cyber attack, right? Oh, no – are you shaking your head? It’s time to enact a strong plan for cyber preparedness. Here’s what you can do:

  • Stay up to date! This means everything – your security software (antivirus and antispyware), web browser, operating system, email accounts and the many, many passwords scattered across your business’ cyber doorways. If an employee moves on, immediately cancel their log-in status; this includes external accounts where they had access, like your company’s LinkedIn, Facebook, or project management accounts. (This may seem obvious, but it is easy for this to slip through if departments haven’t informed IT of the existence of these accounts.)
  • Lock ‘em up! Every device, company-wide, should have a strong, one-of-a-kind private password assigned to it. Mobile devices and computer screens should automatically revert to passcode access when not in use. Electronic devices that have Internet connections should have their factory-generated passwords replaced. One overlooked point of access to your system could be your company’s printer. Make sure it isn’t the weak point in your otherwise secure network.
  • Encrypt it! More companies are migrating from physical to virtual servers for data storage. But do they encrypt the data first? The cloud gives the illusion of total security; to truly benefit from it, encrypt your data before you store it. Back on the ground, you still need to use a firewall and encrypt your information.
  • Cultivate the culture! It’s all about awareness. Even if you don’t have a CSO on your team, everyone at your business should be aware that security is a top priority. Provide employees with comprehensive training on how overall security, and specifically the handling of sensitive information, is part of their job. [7]
  • Plan ahead! Create a business continuity and incident response plan. [8] If a breach happens, your team can leap into action. First, acknowledge that an attack on your business is likely. Next, set up the right team to deal with an attack, and be sure everyone is aware of their responsibility in such an event. Third, and this is essential, keep your plan up to date! Be sure that key players are updated as people exit your company; run readiness drills to catch technology issues and human errors ahead of time. [9]

Even if you have enough cash to pay a ransom fee and clean up the mess, will you be able to recover your company’s reputation, and your clients’ trust? Rather than waste time worrying about what hasn’t happened, make the move now to ensure it never does.