From Novice to Expert – How Small Businesses Can Better Prepare for Cyber Attacks

Picture this: it’s the end of a long day at the office. You’ve just finished up your last task of the day. As you head to the door and prepare to lock up, you decide instead to leave the front door of your business open and unlocked all night.

Sounds crazy, right?

For many small businesses who are ill-prepared to defend against cyber-attacks, that metaphor could be a very accurate depiction of how vulnerable your businesses’ online information could be.

You may be surprised to find out that over the past 12 months, more than 60 percent of small businesses in the US reported at least one cyber-attack. Those figures stem from The Hiscox Cyber Readiness Report 2017,™ a study that gauged how prepared businesses are for cyber threats. The survey looked at managers and IT specialist from 3,000 small-to-large companies across the US, UK and Germany and found that more than half are ill-prepared to deal with cyber-attacks.

In addition to being victims of a cyber-attack, 42 percent of small US companies reported taking two or more days to even discover the attack and an additional two days to get back to business as usual. One of the most surprising figures: one-in-five small businesses say they changed nothing following a cyber security incident.

So, what can small businesses do to go from novice to expert in the cyber security space? Here are a few helpful tips:

• Involve top management in the cyber security discussions – Many board and C-suite level executives take cyber security seriously, and rank it as a top business priority.
• Formalize a cyber security strategy – Make sure a budgeting process is integrated into all security projects and activities.
• Implement more employee training – Eighty-six percent of all US businesses at the expert level agree that more robust employee training leads to fewer attacks. For novice companies, that number is just over 50 percent.
• Document processes and guidelines for employees to follow – If everyone is following one set of directions, it will create a more consistent line of defense against cyber threats.
• Tighten up your technology – Improvements to internal and external message encryption and the integration of strong authentication will set you apart from more novice businesses.
• Invest in cyber insurance – Nearly two-thirds of US experts (64%) have cyber insurance, compared to just 28% of novices.

Making cyber security a top business priority is a vital first step in protecting your business, your product and your customers. It doesn’t necessarily mean you need to invest a significant amount of money; focusing more on strategy and resources will go a long way in making sure your company in ready in the event of a cyber-attack.