You start a business. You grow it. And with this success comes tremendous responsibility to protect your company’s data as well as customer information from purchases they have made or marketing campaigns in which they were targeted. Sounds simple enough, right? Well, in today’s landscape where cyber security breaches are more common and sophisticated than ever for companies large and small, a focused—and sometimes costly—approach is required that might include a combination of hardware, software and outside services and consultants. We recently asked NAWBO members how they’re protecting their businesses from a cyber security breach, and here’s what they had to share:
“We just got a new program to protect our firm’s data, particularly banking and personal information that we get from our clients. We are very conscious about that because we have a lot of confidential information and we don’t want to do anything that puts our customers’ confidence and trust in us at risk. We have never been hacked—knock on wood—because we previously had two pretty good programs, but my daughter [her partner in the law firm] said this new program will encrypt the data even better. We know we would never open an email from someone we don’t recognize; that’s a basic thing. My son-in-law is in IT so if I don’t know what it is, I shoot it over to him and he’ll say delete this or don’t open that. I have some outside help with it!”
—Carol Keough, Barita & Keough Law Firm, NAWBO-Houston
“I’m just coming out of an eight-year journey as a bank executive looking at process improvement and operations and I just reintroduced my personal business, New Day Solutions. With my personal business, it’s all around protecting my documents, so I have malware protection software on my computer and other devices. I also have the latest password security feature so my passwords can’t be compromised. In the corporate arena, it’s a huge thing right now. Part of what I talk to the bank about is to structure certain things to ensure employees are aware of security threats. It’s a mandate from the regulators but also important from an intellectual property and brand exposure perspective. Having sound safe cyber security is essential.
Risk is everyone’s business; whether it’s a cyber security risk or other type of threat, everyone needs to be on the same page. Having a good cyber security officer in place who understands code exposure and malware, and having tests, validations and audits done is Business 101. Your employees shouldn’t be sending out personally identifying information via email. They shouldn’t click on links of suspicious phishing emails. In smaller companies, it may be that the person answering the phone is told the computer system has a problem and they start walking them through it. And now, they’ve opened the secret back door to their information services.
There are cyber consultants—just like any other outsource model—you can outsource a security review to and have a contractor come in and do an evaluation. Pooling those types of resources may feel expensive, but the return of those investments is huge in the prevention space.”
—Lori Day, New Day Solutions, NAWBO-Virtual (based in Jacksonville)
“One of the big things I’ve done is I am a cash-based business so we don’t hold onto any credit card information. It’s one of the pieces right now that I don’t feel comfortable doing in case of a breach. I only have one clinic so it’s not too much of an inconvenience to my clients right now. I do it to protect myself. I also took another step, which is a very costly one. When you work in health care, you need to be HIPAA compliant, so I am with GoDaddy to make sure that anything I am delivering message-wise to people is in a secure system. Still, you’re only as secure as GoDaddy and as we know, everyone is being breached. But at the end of the day, I can rest knowing that as far as I know, I have done everything within my power that I know of right now.”
—Christine Roper, Roper Physical Therapy, NAWBO-Charlotte
“I haven’t been impacted by a breach personally, but it’s a really, really important element that everyone needs to be involved in—from a simple email that you get at home to a major corporation that you may run or own. I think that’s a hot topic that everyone needs to stay on top of. We need to stay abreast of what’s happening and how it can impact us to keep us all aware.”
—Donna Joseph, DMJ Group, LLC, NAWBO-Detroit
“At our firm [she is a CPA in addition to a business owner], we have a whole IT department that is constantly on top of that. They put up a lot of firewalls and protections because this is all of our client information that we have in our system. We have been targeted before so it’s very important to stay on top of that. As a small business owner of a shoe company, I will tell my clients to watch out for things—be careful and don’t click on that if you don’t know what it is. It’s easy to get hit and lose all your photos or have to pay a ransom to get your stuff back, and you still might not get it back. It’s definitely important.”
—Daria Brown, Once Upon a Shoe, NAWBO-Inland Northwest
“I pay a service to monitor my website and alert me about anything. I am fortunate to have not had a security attack. That’s the thing that gets me the most nervous and gets me far away from feeling relaxed. I wish the process of having a website and taking payments online was simpler for me. I just feel like I don’t want anything bad to happen to me or to my customers. That’s the real challenge.”
—Kim Osterhoudt, Jams By Kim, NAWBO-Central and Northern New Jersey
“Cyber security is huge in my industry [she is a financial advisor]; absolutely huge. I’m very aware of every aspect of sending an email with links and educating my clients. So many people don’t realize that an email is not really from their bank. I got a phone call recently that my client had a message that her social security had been hacked and they wanted her to call them back. I said, ‘NO!’ You would get a letter from the government; they wouldn’t call you. I spend a lot of time ensuring my clients don’t get spoofed via email or telephone.”
—Elizabeth Whitteberry, Best Path Advisors, NAWBO-Dallas/Ft. Worth
“I go to a lot of cyber security workshops. I have a very small business so I don’t know that we are the best prepared, but I know I need to continue to learn and prepare because we have a lot of stuff in the Cloud. I think that’s the scariest part…thinking about if there were to be a threat with Google or any of our other vendors with which we keep information stored. I think bigger than that is hearing about attacks on personal credit and making sure to be aware of that. I try to be educated and aware of what to watch for.”
—Wendy Coulter, Hummingbird Creative Group, NAWBO-Greater Raleigh
These companies have been targets of some of the biggest data breaches in the 21st century (according to CSO from IDG):
Yahoo ($3 billion)
Adult Friend Finder ($412.2 million)
eBay ($145 million)
Equifax ($143 million)
Heartland Payment Systems ($134 million)
Target Stores ($110 million)
TJX Companies, Inc. ($94 million)
Anthem ($78.8 million)
Sony’s PlayStation Network ($77 million)
JP Morgan Chase ($76 million)
Home Depot ($56 million)
RSA Security ($40 million)
Adobe ($38 million)
U.S. Office of Personnel Management ($22 million)
It’s not just the big businesses! Every small business owner should know these five cyber security statistics:
1) 58% of malware attack victims are categorized as small businesses. (Source: Verizon 2018 DBIR)
2) In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000. (Source: Ponemon 2017 State of Cyber Security in SMBs)
3) 92.4% of malware is delivered via email. (Source: Verizon 2018 DBIR)
4) 60% of small businesses say attacks are becoming more severe and more sophisticated. (Source: Ponemon 2017 State of Cyber Security in SMBs)
5) Advanced malware protection and prevention is the number one budget priority. (Source: 2018 IT Budget Priorities Report)