SMALL BUSINESS DEVELOPMENT CENTER
CUSTOMER TRUST AT STAKE
The stakes are high — and they go way beyond monetary
losses. Your customers’ trust is on the line.
“Every company out there these days may be swept up in some
broad attack that is happening out there. Every threat actor is relevant,”
Campbell says, noting that the cost of one of the ransomware
attacks, NotPetya, was $10 billion worldwide.
“I’m sure there were companies that went out of business
because of that attack. And how do you build trust with your
customers if your site is down for a week while you are figuring
out whether you are going to pay a ransom or not? For hospitals,
it’s lives on the line.”
Campbell believes having a cyber insurance policy is becoming
a cost of doing business but warned that small businesses
need to make sure they have the right controls in place. He’s seen
instances of insurers denying claims because the company hadn’t
done certain things that were required.
Cybersecurity is a big focus for PwC, says Campbell, who is one
of six partners in the Southeast dedicated to cybersecurity and
privacy. “With all sizes of companies, we try to address this risk that
is real, and sometimes underestimated, so when it does happen
to them — and it is not if, it’s when — they are able to respond
accordingly and have their business back up and running quickly.”
The Florida Small Business Development Center Network has a
program and a website dedicated to cybersecurity education and
advice. That website offers a guidebook, videos and other information.
See: FloridaSBDC.org/services/business-continuation/cybersecurity/.
In addition, the Florida SBDC at Indian River State College occasionally
holds seminars on the topic.
MORE ADVICE FOR SMALL BUSINESSES
Here are some other recommendations gleaned from the
reports cited in this article and from the Small Business Development
Center’s guide:
• As you put your cybersecurity plan into place, consider firms that
have experience in helping small businesses respond to cyber attacks.
Your IT or managed service provider may have suggestions.
The main function of a competent incident responder is to quickly
identify the issue, stop the attack and minimize damages.
• Go beyond passwords (and there is an alarmingly high number
of companies that don’t even have a strong password policy). Require
two-factor authentication for everything, including customer-facing
applications, any remote access and cloud-based email.
• This sounds super basic, but it’s often not done, especially
among small businesses: Keep your operating system and antivirus
software up to date, and apply operating system patches as soon
as they become available.
• Web application compromises now include code that can capture
data entered into web forms, so consider adding file integrity
monitoring on payment sites, in addition to patching operating
systems and coding payment applications.
• Your employees are your first line of defense against cyber
attacks. They need to be trained to avoid becoming victims of
phishing attempts and to report strange computer activity. Are
company guidelines in place about the security of data on company
laptops and on the use of unsecured Wi-Fi?
• Speaking of employees, we know you love them, but about a third
of cyber attacks on businesses last year were inside jobs: Monitor
and log access to sensitive data, quickly move to shore up the access
when an employee leaves the company and be vigilant.
TCBusiness.com