Keep hackers out of your business


You read about it all the time — headline-grabbing data breaches at big companies that compromise millions of customers and suppliers, exposing valuable personal and financial data. The result is ruined credit, tattered corporate reputations and compromised identities.

Here is what you don’t read about every day — data breaches at small and midsize companies. Not because they don’t happen — they do — but because they just don’t capture the headlines. But breaches at small and midsize businesses (SMBs) are actually more common than the splashy, headline-grabbing variety.

If you are running an SMB, you are a direct target for an attack. Small and midsize firms fall victim to the vast majority of data breaches because they tend to:

  • Lack sufficient security measures and trained personnel
  • Hold data that’s valuable to hackers (e.g., credit card numbers, protected health information)
  • Neglect to use an offsite source or third-party service to back up their files or data, making them vulnerable to ransomware
  • Connect to the supply chain of a larger company, and can be leveraged to break into it

Our most recent report – a research collaboration with Cisco and the National Center for the Middle Market – is based on data from 1,377 CEOs of small and midsize businesses that tell a similar story. Sixty-two percent of our respondents said that their firms don’t have an up-to-date or active cybersecurity strategy – or any strategy at all. And that’s a major problem, given that the cost of a cyberattack can be high enough to put a company out of business; according to the National Cyber Security Alliance, 60 percent of small and midsized businesses that are hacked go out of business within six months.

If you’re among these CEOs, it’s time to make a change. Follow these four steps to start building a cybersecurity strategy that keeps hackers out of your business.

1. Determine your company’s current cybersecurity status.

Bring together members of your senior leadership team, board of directors and investors to conduct an informal audit of the business. Get a sense for the level of security you have today.

Questions to ask: Is anyone in charge of our cybersecurity? What defenses do we already have in place? Is our strategy comprehensive and coordinated? If not, can we pinpoint our weak spots?

2. Identify the key person accountable for your cybersecurity.

Engage leaders from across the organization – not just those within IT. Include people from different functional areas, such as human relations, marketing, operations and finance. Other players essential to this conversation are your lawyer and your accountant/auditor.

Questions to ask: Who should be responsible for our cybersecurity? What process can we implement to ensure accountability? How can we communicate and increase awareness about cybersecurity in our different departments and teams?

3. Take an inventory of your assets, determine their value and prioritize your most critical assets.

Identify the “crown jewels” in your company, whether those are employee records, intellectual property or customer data. Recognize that you will never be 100% safe from an attack, so prioritizing areas of defense is important.

Questions to ask: What are the most important assets we need to protect? Customer data? Intellectual property? Employee records? Can we measure the degree of confidentiality, integrity, availability and safety of our most critical assets?

4. Decide what business capabilities and cybersecurity measures you want to manage yourself versus outsourcing.

Consider whether it makes sense to outsource certain aspects of your business to a cloud-based system to increase your security. At the same time, consider whether it makes sense to engage a cybersecurity expert or provider. Decide whether you want to work with a consultant to figure out your cybersecurity plan or if you want to outsource your cybersecurity entirely.

Questions to ask: What aspects of our business – such as order fulfillment – should we handle internally versus outsourcing to a third party (e.g., Amazon, Cisco, Google)? Should we outsource our cybersecurity to a third-party service? Should we use a fractional CIO model and seek out cybersecurity consulting? Or should we handle the entire process ourselves?

The best defense is a good offense. Make it a priority to protect your data for the benefit of your employees, your customers and the long-term health of your business.

This article originally appeared in Inc. Magazine.


Download the report: Cyberthreats and solutions for small and midsize businesses
