No matter how big or small your business is, cyber attacks and data breaches are real threats that are becoming even more frequent in our increasingly digital world. Cyber attacks are specifically on the rise for small and midsize businesses as they present more vulnerabilities than larger organizations. According to a Ponemon 2017 report, cyber attacks cost small and medium-sized businesses an average of $2,235,000.
As a business owner, you shouldn’t wait until something happens to protect your business, employees, and customers from cyber attacks and data breaches. In this blog post, we’ll begin by looking at a few recent cyber attacks to identify lessons your business can learn. We’ll then go into detail about tips you can implement to protect your business along with insights on how to best respond to a cyber attack.
Lessons Learned from These Business Cyber Attacks
While cyber attacks can impact businesses of all sizes, the ones that make headlines often involve large organizations and corporations. Small and midsize business owners, however, can still learn important lessons from these highly publicized cyber attacks. Here are a few insights to keep in mind.
Target Cyber Attack
In late 2013, the large American retailer Target was the victim of a massive data breach that affected as many as 110 million customers. Cyber attackers installed malicious software on point-of-sale devices at Target stores and were able to steal the financial information of 40 million customers and the personal information of 70 million shoppers.
On December 19, 2013, Target disclosed that it had experienced a data breach from November 27 to December 15. While Target was likely using the four days between the attack and the announcement of the attack to assess the damage in order to prepare their response, customers still wondered why Target had waited four days to inform them.
Lesson: If your resources and plan allow it, communicate as quickly as possible to your customers that their personal information may have been breached so they can take proper steps to protect their personal data and financial information.
Facebook Data Breach
Just this year, the popular social media network experienced a data breach which affected 50 million users. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them. Luckily, Facebook notified users very quickly over the app and email that they may have been a victim of the breach and took the right precautions, such as automatically signing users out of the app and recommending they change their passwords.
Lesson: If your company stores personal information about your customers and requires account creation, you should send out regular reminders to your customers to update and change their passwords every 3 months. In addition to this, you should consider setting up two-factor authentication so customers and employees can be notified when a login attempt is made on their accounts.
Sony Pictures Cyber Attack
This may be one of the most infamous cyber attacks in the past decade. Hackers broke into the computer systems of Sony Pictures Entertainment in 2014 and stole a range of confidential documents, including email correspondence and salary information, from the Hollywood studio. The hackers then proceeded to post this private information online. The attack also disrupted Sony’s computer systems globally and made it extremely difficult for the company to return to regular business. Hackers were able to access Sony’s network because it lacked basic cyber protection, like two-factor authentication and encrypted data. Additionally, the organization didn’t have strong cyber security trainings in place, and was unprepared to deal with the phishing tactics used in the attack.
Lesson: Your company should administer regular cyber security trainings for all employees to help them utilize cyber security best practices, detect a threat, and effectively report an attack.
Types of Cyber Attacks To Protect Your Business Against
As cyber attacks and data breaches become more common, the types of attacks used also become more varied and complex. Here are a few types of cyber attacks your company should be aware of in order to fully protect itself:
- Malware: One common form of malware, ransomware, is like the digital version of kidnapping. A hacker gains access to your IT systems, such as your company servers, and locks specific, sensitive files so users can no longer access them. Typically, the hacker demands a ransom from the organization in order to release its data and information.
- Denial-of-Service (DoS): This is an attack in which a hacker makes a machine or network unavailable, blocking users from accessing the internet-connected services that depend on it.
- Social Engineering: This is a type of cyber attack in which a hacker disguises themselves as a trusted source online in order to acquire sensitive information. This is typically an email that looks recognizable to the receiver and is used to gain access to a network when the receiver clicks a link within the email.
What’s Your First Move After A Cyber Attack?
If you experience a cyber attack or data breach, the first thing to do is find out as many facts as you can about the breach so you can notify customers. Determine when and how the breach occurred, what information was obtained and how many individuals were affected.
Then assess the risks you face by determining:
- The sensitivity of the information
- The number of individuals affected
- The likelihood the information is usable or could cause harm
- The likelihood the information was intentionally targeted, which increases the chance of fraudulent use
- The strength and effectiveness of your cyber security protocol
By fully analyzing the data breach, you make sure the information you give to your customers or clients is as accurate as possible, which will hopefully ease their worries. And if the information is coming directly from you, your customers may feel confident that you have control of the situation.
Protect Your Business With Cyber Liability Coverage
While having a cyber risk management plan can help you prepare for the possibility of a cyber attack, it’s not the only thing you can do to protect your business from online threats.
Notifying customers, setting up a call center dedicated to breach-related calls and providing free credit monitoring are a few ways you can respond to a data breach. These actions can be expensive, but fortunately for business owners, cyber liability coverage can help defray some of those costs.
Every company is a potential target for cyber criminals. Don’t think of a cyber attack as a possibility but as an expectation, and always be prepared to respond.
Consult an experienced member of our Commercial Lines team by reaching out to firstname.lastname@example.org or by calling (800) 333-7234. We also invite you to learn more about the services we provide at www.easterninsurance.com.