Small businesses have faced a critical challenge, as they are the ones cybercriminals have attacked most in the past years. In addition, their limited financial resources and business continuity plans often lead to bankruptcy.

The small business cyber crisis is becoming severe as the growth and sophistication of cybercriminals, ransomware, and attacks have peaked. CEOs of these organizations can no longer ignore the devastating implications for their businesses and foolishly think that such cybercrime won’t happen to them.

Large or Small Business

Cyber-attacks know no boundaries. There is no immunity as long as attackers get a chance to exploit your vulnerabilities and get into your system. Our previous blogs discussed the different attacks they are capable of. We have also presented statistics and methods for protecting your business. However, according to the latest study, cases are still rising.

If you are still depending on an on-call IT guy and think it’s more effective and convenient, you may need to read and understand our recently posted blog

When you fall victim to a cyber-attack through no fault of your own, will they call you?

Victims of other crimes, such as burglary, rape, mugging, carjacking, and theft, often get sympathy from others. Eventually, support comes flooding in, in many possible forms.

But if your business is the victim of a cyber-attack, you will never get the same amount of sympathy. It’s incredibly unfair, isn’t it?

Small Business Cyber Crisis Alarming Facts

Instead of getting sympathy, you will be investigated and questioned about what you did to prevent this from happening – and if the answer is not adequate, you can be found liable, facing serious fines and lawsuits.

Under Georgia law, you will be required to tell your clients and/or patients that you exposed them to cybercriminals. The following will add weight to your burdens:

  • Your competition will have a heyday over this.
  • Clients will be irate and leave in droves.
  • Morale will tank and employees will blame you.
  • Your bank is not required to replace funds stolen due to cybercrime.
  • Unless you have an extremely specific type of insurance policy, any financial losses will be denied coverage.

Take it from us as a managed service provider: you should never underestimate the importance and likelihood of cybersecurity threats. It is never safe to assume your IT company (or guy) is doing everything they should be doing to protect you. There is a high probability they are not, which we can demonstrate with your permission.

We're a Small Business... Not My Company... Not My People...

We all hope it’s true, but unfortunately, it’s the opposite. That is exactly what cybercriminals want you to believe. It makes you easy prey because you put ZERO protections in place, or inadequate ones if any.

Eighty-two thousand new malware threats are being released daily, and half of the attacks are aimed at small businesses. Wonder why we don’t hear about this? Simply because the news wants to report on big breaches. Moreover, the companies affected keep quiet for fear of attracting bad publicity, lawsuits, and data-breach fines, and out of embarrassment. If you still have that slogan in your mind and for your business, change it now.

Cybercriminals are not the only party that concerns your business

Evidence is overwhelming that disgruntled employees, both your company’s and your vendors’, can cause significant losses due to their access and knowledge of your organization and accounts.

Here is some of the damage they can do.

  • They leave with YOUR company’s files, client data, and confidential information stored on personal devices, as well as retaining access to cloud applications, such as social media sites and file-sharing sites (Dropbox or OneDrive, for example), that your IT department doesn’t know about or forgets to change the password to.

According to an in-depth study conducted by Osterman Research, 69% of businesses experience data loss due to employee turnover, and 87% of employees who leave take data with them. What do they do with that information? Sell it to competitors, BECOME a competitor or retain it to use at their next job.

  • Funds, inventory, trade secrets, client lists and HOURS stolen. There are dozens of sneaky ways employees steal, and it’s happening a LOT more than businesses care to admit. According to the website StatisticBrain, 75% of all employees have stolen from their employers at some point. From stealing inventory to checking and credit card fraud, your hard-earned money can easily be stolen over time in tiny amounts that you never catch.

Here’s the most COMMON way they steal: They waste HOURS on your dime to do personal errands, shop, play games, check social media feeds, gamble, read the news, and a LENGTHY list of other non-work-related activities. Further, if your IT company does not monitor what they do and limit what sites they can visit, they could do things that put you in legal jeopardy, like downloading illegal music and video files, visiting adult content websites, gaming, and gambling – all these sites fall under HIGH RISK for viruses and phishing scams.

  • They DELETE everything. A common scenario: An employee is fired or quits because they are unhappy with how they are being treated – but before they leave, they permanently delete ALL their e-mails and any critical files they can get their hands on. If you don’t have that data backed up, you lose it ALL. Even if you sue them and win, the legal costs, the time wasted on the lawsuit and on recovering the data, not to mention the aggravation and distraction of dealing with it all, are a far greater cost than what you might get awarded or might collect in damages.

How Can Cybercrime Damage Your Company?

1. Reputational Damage

What’s worse than a data breach? Companies like Yahoo! are learning that lesson the hard way, facing multiple class-action lawsuits for NOT telling their users immediately when they discovered they were hacked. Furthermore, with Dark Web monitoring and forensics tools, WHERE data gets breached is easily traced back to the company and website, so you cannot hide it.

2. Government Fines, Legal Fees, Lawsuits

Breach notification statutes remain one of the most active areas of the law. The courts are NOT in your favor if you expose client data to cybercriminals.

3. Cost, After Cost, After Cost

According to the Cost of Data Breach Study conducted by Ponemon Institute, the average cost of a data breach is $225 per record compromised, after factoring in IT recovery costs, lost revenue, downtime, fines, legal fees, etc. How many client records do you have? Employees? Multiply that by $225, and you’ll start to get a sense of the costs to your organization. [NOTE: Health care data breach costs are the highest among all sectors.]

4. Bank Fraud

If your bank account is accessed and funds are stolen, the bank is NOT responsible for replacing those funds. Take the true story of Verne Harnish, CEO of Gazelles, Inc., a highly successful and well-known consulting firm, and author of the bestselling book The Rockefeller Habits.

5. Using YOU As The Means To Infect Your Client

If they hack your website, they can use it to relay spam, run malware, build SEO pages, or promote their religious or political ideals. (Side note: This is why you also need advanced endpoint security, spam filtering, web gateway security, SIEM, and the other items detailed in this report, but more on those in a minute.) Are you okay with that happening?

Is Your Current IT Company Doing Their Job?

If your current IT company does not score a “Yes” on every point, they are NOT adequately protecting you. Don’t let them “convince” you otherwise and DO NOT give them a free pass on any one of these critical points.

Set A

1. Have they met with you recently – in the last 3 months – to specifically review and discuss what they are doing NOW to protect you?
2. Do they proactively monitor, patch, and update your computer network’s critical security settings daily? Weekly? At all? Are they reviewing your firewall’s event logs for suspicious activity?
3. Have they EVER urged you to talk to your insurance company to make sure you have the right kind of insurance to protect against fraud? Cyber liability?
4. Do THEY have adequate insurance to cover YOU if they make a mistake and your network is compromised?
5. Have you been fully and frankly briefed on what to do IF you get compromised? Have they provided you with a response plan? If not, WHY?
6. Have they told you if they are outsourcing your support to a 3rd-party organization? DO YOU KNOW WHO HAS ACCESS TO YOUR PERSONAL COMPUTER AND NETWORK?
7. Have they kept their technicians trained on new cyber security threats and technologies, rather than just winging it?
8. Do they have a ransomware-proof backup system in place?
9. Have they put in place a WRITTEN mobile and remote device security policy, and distributed it to you and your employees?
10. Do they have controls in place to force your employees to use strong passwords?

Set B

11. Have they talked to you about replacing your old antivirus with advanced endpoint security?
12. Have they discussed and/or implemented “multi-factor authentication” for access to highly sensitive data?
13. Have they recommended or conducted a comprehensive risk assessment every single year?
14. Have they implemented web-filtering technology to prevent your employees from going to infected websites or websites you DON’T want them accessing at work?
15. Have they given you and your employees ANY kind of cyber security awareness training?
16. Have they properly configured your e-mail system to prevent the sending/receiving of confidential or protected data?
17. Do they allow your employees to connect remotely using GoToMyPC, Log Me In or TeamViewer?
18. Do they offer, or have they at least talked to you about, Dark Web/Deep Web ID monitoring?

A Preemptive Independent Risk Assessment: The Only Way You Can Really Be Sure

A Security Assessment is exactly what it sounds like – it’s a process to review, evaluate, and “stress test” your company’s network to uncover loopholes and vulnerabilities BEFORE a cyber event happens.

For a limited time, we are offering to give away a Free Cyber Security Risk Assessment to a select group of businesses. This is entirely free and without obligation. EVERYTHING WE FIND AND DISCUSS WILL BE STRICTLY CONFIDENTIAL.

Today is the time to get the facts to be certain you are protected. To schedule your Free Cyber Security Risk Assessment, contact us at 770-486-2070, go to www.affinityittech.com/contact-us, or drop us an email at [email protected]