Half of all U.S. small businesses were breached in 2016, according to 2016 State of SMB Cybersecurity Report. Disruption to normal operating expenses costs an average of $955K, which can be devastating to small business owners.
As part of Kabbage’s ongoing effort to help small businesses to be successful, Kabbage recently surveyed more than 800 customers and nearly half (47 percent) plan to invest in cybersecurity products and services in 2018.
Hackers find value in obtaining employee and customer data, bank account information and/or intellectual property, no matter the size of the business. Today, more than 70 percent of attacks are targeted toward small businesses, largely due to the their beliefs that they won’t be hacked (mostly due to their size).
With the 2017 Equifax hacks, consumers are learning that organizations that store their credit data are a treasure trove that can be used to steal their identity. Cybersecurity has quickly become a pressing concern and need among all small businesses.
To protect their company’s sensitive data, all small businesses should consider investing in training and implementing cybersecurity best practices, which includes identifying the sensitive data the business holds; identifying how that data is collected, who collects it and where it’s stored; educating users on how to protect it; restricting access to the data; monitoring it; and protecting it during transit and storage.
Of the companies Kabbage surveyed, the majority fall in the IT, medical or accounting industries. In 2018, many organizations will be required to be compliant with the GDPR, the General Data Protection Regulation for the European Union.
“As an accounting firm that runs completely in the cloud, we have to be very vigilant to protect not only our data but also the data of our clients,” says Kabbage customer Tina Garza, founder and owner of Accountingprose, a modern and tech-forward accounting company for small businesses.
Accountingprose’s largest investment is in their software partners.
“We spend a great deal of time vetting our partners, making sure that they use industry-leading security measures, including banking level encryption, super secure and co-located data centers and multiple layers of personal authentication,” Garza says.
Many businesses require vendor agreements before they partner and share data. These agreements include a requirement to provide a level of cybersecurity provisioning, which may include an audit or affirmation of the level of security controls in place to protect sensitive data that is shared.
Along with working with and vetting vendors, Accountingprose also believes in educating both employees and clients on a continuous basis.
“It’s our responsibility to continue to educate our team and our clients, so that we can be hyper aware of the current cybersecurity landscape,” Garza says. “We also work with our clients to educate them about how to be vigilant against phishing or social engineering scams and how to create and store credentials safely.”
Garza sees the quick evolution of technology, recognizing the rewards and the risks that come with it.
“We must build security protocols into our best practices and constantly improve upon them, as technology and breaches in technology change swiftly,” she says.
Small businesses should also keep in mind the growing trends of cybersecurity. Cyber insurance, one of the fastest evolving segments of the insurance industry, is likely to be a major driver in the cybersecurity universe.
Insurance companies have thus far played it safely and slowly when calculating the risks of a cyberattack. However, it’s predicted they will begin measuring these risks by understanding how a company’s assets would be impacted by a cyberattack, especially considering the growing types and presence of online threats. These assessments will be used to price the policy.
According to the National Cybersecurity Society (NCSS), the three largest industry factors on the horizon for small business are ransomware; CPU vulnerability from Meltdown and Spectre; and GDPR and data protection requirements from the European Union (EU).
“Many companies are global or have partners that are global,” says NCSS CEO, Mary Ellen Seale of the EU requirements. “So, there will be a spillover effect of requirements that will need to be addressed.”
The two CPU vulnerabilities will require manufacturers to replace the operating systems and processors for many systems on the market. When these new machines are available will require small businesses to invest in new equipment. Ranswomware attacks will likely continue to affect all industries.
“It’s important to not assume that just because we have not been affected, that we are not at risk of being hacked,” Garza says.
Investing in the right business practices, tools and software to protect intellectual property and consumer data is a top priority for small businesses looking to invest in cybersecurity this year. However, some small businesses may be concerned about the costs of these investments.
A variety of factors play into these costs, including company size, industry, compliance considerations, company risk appetite and more. On the other hand, the costs of a cyberattack can potentially close a business. Starting to address a company’s vulnerabilities and building safe a secure infrastructure can be done cost effectively, if a company is guided throughout the process.
Nearly half of small to midsized business owners have taken the right step in growing their businesses. These businesses that plan to allocate their budgets into cybersecurity efforts should learn how use those funds wisely. Fortunately, Kabbage offers a free one-year NCSS membership to customers to help them with these investments.
Constantina Kokenes is an SEO & Content Specialist at Kabbage, a fully-automated online lender for small businesses. She holds a Master’s degree from Northwestern University. She has been featured in Huffington Post and Advertising Weekly.