Threat Meter

Hackers Don’t Want What I Have—Really?

/in /by

Introduction

Many business owners insist they do not have any information a hacker would want. Yet, a study by Webroot finds that most ransomware targets small businesses. Why?

You Have More Data Than You Think

A typical small business most likely has the following data in its systems:

Employee Info

  • Names
  • Addresses
  • Social Security numbers
  • Telephone and cell numbers
  • Personal email addresses
  • Bank account information (for payroll deposits)

Client Info

  • Names
  • Addresses
  • Telephone numbers
  • Email addresses
  • In some cases, corporate bank account information
  • Credit card data

Remember the old commercials that used to say, “but wait; there’s more!”

Your files are likely to contain insurance information. Beneficiary forms also include data on spouses and children as well.

How Much Will A Data Breach Cost You?

To find out, I used a popular Data Breach Calculator. It estimates incident investigation, notification, and crisis management costs. I entered the tiny number of 250 exposed records, well below the number held by typical small businesses. Accordingly, this small breach would cost more than $119,000:

Data Breach Calculator - 250 records breached

The above number may not be exact as breaches vary in severity, but $100K is still considerable. Can you afford it?

But—I have Insurance!

This is the response I hear often. Yes, you have insurance, but that doesn’t mean you’re covered. Let me explain.

First, make sure you have a cyber insurance policy. Most Business Owner policies do not include cyber insurance. So, check with your insurance pro.

Second, have in place what you said you did on your application. Insurance apps can be long and tedious. Sometimes, business owners check that they have certain things in place when they don’t. Your responses will be crucial while investigating claims.

Third, keep documentation on your management of required programs. For instance, Employee Security Awareness Training is often needed for cyber insurance. Your insurance company may deny your claim if you can’t show that you have not managed your program.

The bottom line is that cyber insurance is critical to all businesses in today’s climate. Make sure you have a good policy and the required security measures in place.

Conclusion

Don’t ignore security—the stakes are too high. Here are a few stats from the security company, Varonis:

  • 95% of breaches are due to human error
  • 36 billion records were stolen in the first half of 2020 alone
  • Over 300 billion passwords are used worldwide
  • It takes organizations, on average, 207 days to discover a breach
  • 1 in every 4200 emails, on average, is a phish
  • 17% of confidential files are accessible, by design or not, to all employees
  • Ransomware damages will rise to $20 billion in 2021
  • A business will become a ransomware victim every 11 seconds in 2021

Work with your IT department or Managed IT Services Provider (MSP).  Put in place a comprehensive cybersecurity program. Additionally, NEVER operate your business without cyber insurance—it is a must-have.

XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.

You might also like
team-work Special Announcement: Joe Imperato Jr. Quoted In Commerce Magazine
security-network XSolutions' Security Post Roundup: Mar 29, 2021
Anonymous Hacker What is SIM Jacking, and Why Should You Care?
Cybersecurity training concept. Why Awareness Training Is Vital To Your Security
law book Should You Encrypt Your Laptop?
Oil Pipeline Cybercrime Is Everyone’s Problem
Business people talking 3 tech decisions you can make without an IT consultant (and 3 you shouldn't)
security-network Security Alert: DocuSign Breach Leads To Phishing Attacks