Mounting Security Complexity
Have you ever imagined going through one day without internet?
From the moment you wake up until you go back to sleep, you don’t have an internet connection. You can’t check your email and social media accounts. You can’t chat with your colleagues. You can’t do a video conference with them. You can’t even access all your files and important documents because they are all stored in the cloud.
As a business owner, it’s almost impossible to go through one day without connecting to the internet. Apart from your email and social media accounts, you also have your work apps and tools that helps with efficiency and productivity.
For example, a retailer will have the POS software connected to the eCommerce site. If the POS can’t connect to the eCommerce site, a customer might order an item that is out of stock because someone already bought it in the store.
Or let’s say you want to log/track/manage your expenses, how can you do that when your data is in the cloud? How would you check if your bank has enough cash to pay off a vendor? How can you disburse payroll? All these are real-world scenarios and why cyber security is important for your business.
As you might have already realized, the internet (or the ability to connect to it) is essential to modern businesses like yours.
The Internet Makes Businesses More Efficient and Productive
One of the ways the internet helps businesses be more efficient is the ability to store files in the cloud. With this, anyone on your team can access them whenever and wherever they are.
And as the modern workforce is becoming more mobile (and even global in some cases), businesses will continue relying on the internet (or software or tools or apps that connects to the internet).
This includes storing data (Dropbox, Google Drive, OneDrive), collaborating with each other through a variety of apps/software (Google Docs, Trello, Asana), and communication software (Skype, MS Teams, Slack).
All these rely on the internet to work. It may still work while offline, but it will only have limited functionality.
Hyperconnectivity Is Causing Problems for Businesses
However, this hyperconnectivity has brought about a lot of problems. Before going through these problems, take a look at this brief history of businesses.
Brief history of business
As you may probably know, modern society has gone through three distinct eras or periods of time: agriculture, industrial, and knowledge.
Now is the age of knowledge — where what you know matters more than anything else. Knowledge has become the global currency of 21st century economies.
Knowledge workers (people whose output of work is based on what they know) are the 3rd wave of human socio-economic development.
According to Charles Savage, most of the world’s population will be distributed by the type of work they do:
- 2% of working population will work on land (agriculture)
- 10% will work in industry
- Rest will be knowledge workers
Why and how this is important
The glue that holds modern businesses is its ability to connect with each other and parts of the business through the internet. This has led to the modern workforce scattered across the country (or the world) and created an army of on-the-go entrepreneurs.
These “knowledge workers” often use the internet to get their work done. Just like the examples earlier, if you cannot connect to the internet, it’s almost impossible to get work done.
This makes the internet paramount to the productivity and success of modern businesses. But this has also created a wide range of problems.
Given that the internet is public — no one “owns” it — there’s a growing need for businesses and individuals alike to to protect your data and other sensitive information.
Statistics and Reality of Cyber Crimes
According to a report by HP, nearly half of New Zealand Businesses aren’t prepared for a Cyber Attack. If that doesn’t scare you, did you know that 70% small and medium businesses have been targeted a cyber attack?
“The consequences of a data breach are severe; from financial to brand and reputation damage,” says Grant Hopkins, managing director at HP New Zealand.
There are a lot of different kinds of cyber attacks. According to Hiscox, an insurance company, the most common cyber attacks are the following:
- IP theft — robbing companies of their ideas and inventions
- Phishing — fraudulently pretending to be someone else
- Denial of service — flooding the target with traffic triggering a crash
- Ransomware — locking a computer system until a ransom is paid
If you don’t think this affects you, take a look at this video where they replicated how a cyber attack would happen in real-life.
Top Two Problems When You Can’t Access Your Organization’s Data
Problem 1: Without the ability to access your data, your organization stops working
If you and your employees can’t connect to the internet or access your data, your organization stops working.
Denial of service — one of the most common cybercrime. It can be as “simple” as not being able to access your website (i.e. they changed some files and redirected it to a page that says you’ve been hacked); or causing your web host (and therefore your website) to crash; or not being able to access any files from your servers (ransomware, where you need to pay a certain amount to get the decryption key).
Problem 2: If organizational data gets breached/stolen, it can cost a huge amount of money and create animosity in the eyes of your customers
Getting hacked or getting your data breached/leaked is one of the things that seems to keep resurfacing in the news every week.
Last January, one of the biggest Cryptocurrency wallet Cryptopia was hacked which led them to lose an estimated $2.5m to 3.5m. A few days later, the Collection #1 breach was leaked to the public.
It’s just a few weeks in 2019, these types of news won’t stop soon. With estimates that cyber attacks this year will only increase.
Costs of Cyber Attacks You’re Probably Not Aware Of
Two things happen when your business in involved in a data breach:
- You lose revenues
- You spend more
The first downside of getting breached is you lose the trust of your customers (and would-be customers). This leads to lost revenues for your business. Apart from that, you’d have to spend more to recover what was lost in terms of salaries and fees, not to mention the penalties you may pay.
Remember the Equifax Breach of 2017? After a few months, Reuters reported that breach-related costs will reach $439M by the end of 2018. And this still doesn’t involve money they lost from drops in their stocks, or lost of revenues from their customers.
According to the 2018 Cost of a Data Breach Study, the average cost for each lost or stolen record containing sensitive and confidential information is $148. But with organizations storing thousands (or millions of data), that could add up quickly.
The other cost of a cyber attack is that you spend more to recover the data/information that were stolen. If you’re not prepared, this means hiring security experts that charge you a higher fee because of the urgency/emergency situation.
With lost revenues and added costs, that puts a big dent on your company’s profits. And if you’re a small business without deep pockets, a cyber attack might put you out of business.
Solution: Extra Vigilance and Continuous Education
1. Educate yourself and your organization in online security
The only way to prevent and avoid getting hacked is to educate not only yourself, but also your employees.
First, as a business owner, you should stop believing in these 15 myths about cyber security. Next, don’t assume that your employees are aware and familiar with cyber security. Here are 21 cyber security tips you and your employees can read to avoid getting hacked.
And that’s just the start.
Cyber criminals are becoming smarter. They can bypass any software and go undetected for long periods of time — allowing them time to inflict real damage to your business. According to the same IBM report, it takes an average of 197 days to detect/identify a data breach.
The longer the time it takes for an organization to identify and contain the breach, the higher the costs associated with it.
“If the average time to identify a breach (MTTI) was under 100 days, the estimated average total cost of a data breach was $3.11 million. If it was over 100, the estimated cost was $4.21 million, representing $1.1 million additional cost.”
– 2018 Cost of a Data Breach Report
The best way to avoid a data breach is to educate yourself and your organization about it. We came up with a free 4-day email bootcamp on passwords. You can click here to enroll (or ask your employees to enroll in them too).
2. Implement a cyber security program/policy that covers prevention / cure (i.e. what to do to avoid getting hacked and what to do when you get hacked)
As businesses rely more on the internet, it’s important that everyone in your company is aware of its risks — both personally and professionally.
Below are some steps you can do to ensure that your business will remain vigilant of cybercrime:
Tip #1: Include cyber security as part of onboarding new employees
Never assume that your employees — especially new ones — are aware of the risks of using the internet.
Remember that 47% company breaches are caused by employees; and people have a contribution to 96% of all data breaches. So, make sure you educate your new employees on best practices and ways to avoid getting hacked.
Tip #2: Frequent training / education for current employees
One of the best way to ensure your employees don’t forget about the risks of using the internet, or retain their knowledge in cyber security, it’s best to include frequent reminders about the topic.
You can start with a simple company newsletter every month, then some sort of quiz, or a company webinar that you can conduct live then store it in a company site for employees to watch later on.
Here are some topics you can cover:
- Common scams/phishing methods
- New developments
- Protection of personal devices (esp. at home)
An example of this continuous education is the email series on passwords. We’re coming up with more topics like those in the future. If you want to receive or more information about that, just let us know here.
One important reminder as you think of topics and content for your organization is to make sure the individual can relate to it.
Instead of just talking about potentially losing millions of $, you can talk about losing their entire savings account; or in the case of privacy concerns, their private photos or messages can be leaked.