A couple of weeks ago I attended the Minneapolis Cyber Security Summit 2016 at the J.W. Marriot Hotel in Bloomington Minnesota. There were two days of presentations on cybersecurity issues, and here are a few of the takeaways for small and medium sized business owners.
- There are 28 million small businesses in the United States. The Small Business Administration classifies a business with fewer than 500 employees as a small business.
- Small businesses account for about 54% of all sales revenue.
- 71% of all cyber attacks target small businesses. If you own or manage a small business this should be sobering, and a call to action.
- Cyber-attacks on small businesses cost an average of $7100 to fix.
- In attacks were money was stolen, the amount averages $32,000.
- 60% of small businesses shut down after a cyber attack. Another wake-up call.
- When you partner with a larger enterprise, your risk and liability increases, especially if a breach at your company results in a successful breach of the larger partner.
- Credit card processors have shifted the liability and cost of a credit card incident to the small business.
- Lenders and banks may require cyber-insurance for small businesses. These policies can be expensive, and in many cases don’t protect you if it can be shown that you or your employees were negligent.
- Small businesses need to do a better job with physical security. The days of the company server be under someone’s desk or out in the open are over. Servers and networking equipment need to be in a locked room. Locks, alarm systems, and video surveillance systems may be required.
- Owners an managers need to become acquainted with cybersecurity concepts and best practices.
- Employees need to be trained in the fundamentals of cybersecurity.
- Most small businesses do not have the IT staff or experience to deal with many of these issues, and should partner with a outside cybersecurity service provider to help set up and manage security operations.
On Friday we will provide more ideas and action items for small business cybersecurity.