Yet another instance where small business is threatened. It’s hard for small businesses to justify spending increased amounts of money on security. Money is already stretched as far as it can go. And small business owners and their teams may even do the risk analysis to determine that they don’t have known threats. After all, this instance was with dry cleaners, how many threats do they have? And these could absolutely be right.
However, as this case points out, the point of sale (POS) terminal was targeted. This looks almost like a drive by attack. The attackers could have known nothing about the company affected but simply identified it as an easy victim and the impacts are long term.
When you are doing your risk analysis consider these facts:
- Approximately 90% of breaches or security issues impact small businesses;
- 62% of cyber breach victims are small to mid-sized businesses;
- The average cost of legal fees for a breach is $690,000 (propertycasualty360.c0m – 27 May 2015);
- 31% of customers terminate relationships with businesses involved in breaches or cyber attacks
Some additional costs that occur for small business victims of cyber attacks:
- Mandatory forensic examination of systems and devices;
- Timely and continuous notification to customers;
- Credit monitoring for affected customers;
- Compliance fees;
- Liability for fraud charges;
- Card replacement fees
- Upgrade or replacement of affected systems or devices
Most times you don’t implement security measures because you don’t have the resources, but perhaps this should be part of the risk assessment when considering what to do.
You can never or will never have the 100% solution to security. But you have to start somewhere.
- Look at the threats.
- Identify your critical information and resources; assess your risks.
- Implement security policies, even if you are a sole proprietorship.
- Implement security training. Start with the most obvious and work from there – even if it’s just catching up on the latest threats. Build it out.
- Develop a reporting process for employees to identify issues and report information you trained them on identifying. If you are a sole proprietorship, have a reporting process that includes reporting information to authorities.
- Build a response plan and a contingency plan.
- Rehearse it. Just like you would a fire drill, run through a simulation. The first one will be painful but it will get better.
- Continuously assess and evaluate your threats, your policies and your training.
It sounds daunting and it can be. Don’t overwhelm yourself, and take it one step at a time. It is a process and it builds upon itself so don’t rush through it. If you need help, don’t hesitate to ask, we’d love to provide feedback or work through the cycle with you.