A couple of weeks ago I attended the Minneapolis Cyber Security Summit 2016 at the J.W. Marriot Hotel in Bloomington Minnesota. There were two days of presentations on cybersecurity issues, and here are a few of the takeaways for small and medium sized business owners.
- There are 28 million small businesses in the United States. The Small Business Administration classifies a business with fewer than 500 employees as a small business.
- Small businesses account for about 54% of all sales revenue.
- 71% of all cyber attacks target small businesses. If you own or manage a small business this should be sobering, and a call to action.
- Cyber-attacks on small businesses cost an average of $7100 to fix.
- In attacks were money was stolen, the amount averages $32,000.
- 60% of small businesses shut down after a cyber attack. Another wake-up call.
- When you partner with a larger enterprise, your risk and liability increases, especially if a breach at your company results in a successful breach of the larger partner.
- Credit card processors have shifted the liability and cost of a credit card incident to the small business.
- Lenders and banks may require cyber-insurance for small businesses. These policies can be expensive, and in many cases don’t protect you if it can be shown that you or your employees were negligent.
- Small businesses need to do a better job with physical security. The days of the company server be under someone’s desk or out in the open are over. Servers and networking equipment need to be in a locked room. Locks, alarm systems, and video surveillance systems may be required.
- Owners an managers need to become acquainted with cybersecurity concepts and best practices.
- Employees need to be trained in the fundamentals of cybersecurity.
- Most small businesses do not have the IT staff or experience to deal with many of these issues, and should partner with a outside cybersecurity service provider to help set up and manage security operations.
On Friday we will provide more ideas and action items for small business cybersecurity.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com