Cybercrime. Is your business next

Some high profile cybercrimes made the news in October including the hacking of the US President’s website and a regional conglomerate’s network. But do small and medium businesses here in the Caribbean have anything to worry about?

If your business does any of the following, then your company could be a target:-

  • use internet for email, or to access websites and online banking.
  • store information on an electronic device or on the cloud
  • have employees access that information using company or their own devices
  • store personal information such as ID numbers and banking information for employees, customers or suppliers.
  • process credit cards
  • update software only when you get a new computer

Worldwide, one in five SMEs are likely to be targeted by a cybercriminal. While hacking of large businesses is more likely to make the news, smaller companies are a better target for cyber crime as they are less likely to have sophisticated cyber protection or rigorous training programmes for new and current employees. Now, during the pandemic, businesses and customers are more likely to use online technology. Staff working remotely often use devices or routers that are less secure than corporate networks. They can expose their companies on their return to the office if a corporate device has been compromised.

Small businesses are also more likely to be using legacy software that entail constant fixes and updating but do not have the required IT support. Around 98% of the 230,000computers impacted by the worldwide Wanna Cry ransomware attacks in2017were still using Windows 7 and had not updated the available patch

How Cyber Criminals Target Businesses

There are a number of ways to infiltrate a business, but the commonly reported means include:

  • phishing emails to customers in which they masquerade as your company. If a customer clicks on a link in the email, the hackers can steal personal identification information.
  • phishing emails to employees that appear to come from a legitimate source but link to a duplicate site in order to obtain the employee’s login credentials
  • use of viruses or ransomware to corrupt your data files.
  • Social engineering—tricking employees or customers into transferring company funds by posing as a legitimate business contact.

How Are Operations Affected In A Breach?

  • Lost or locked up data
  • Compromised computer systems
  • Theft of personal information of employees, customers or suppliers
  • Loss of income resulting from business shutdown
  • Damage to reputation as affected persons share their experience

Cost Of A Breach

The costs of rectifying and recovering from a breach can be substantial. Your company will quickly have to identify and hire IT contractors to repair and reactivate your network and rebuild your security, PR consultants to contact affected customers and suppliers and protect your company’s reputation, and lawyers to help your decisions on whether to pay any ransom and the legal consequences of such a decision. There may also be contractual or regulatory penalties to be made in addition to a ransom payment.

The 2020 study by IBM Security and the Ponemon Institute found that the average cost of a data breach was US $150 per affected customer record and that it took an average of 280 days to identify the breach. Apart from recovery costs, there is the downtime where the business struggle with the interruption of operations. Roughly 60% of SMES in the UK targeted by cyber criminals went out of business within six months.

But there is also an opportunity cost: as regional companies adopt rigorous procurement processes, a major factor for assessment is the supplier’s network security practices and protection of clients’ data.

Protecting Your Business

An independent IT consultant can assess your exposures and recommend how they can be addressed, particularly in respect of cybersecurity monitoring and early warning protocols, use of virtual private networks, endpoint detection and response solutions and staff training requirements. However, despite the best preventative measures, a breach can still occur.

Companies are now reassessing their need for cyber insurance. This covers the immediate expenses that a company incurs after a cyber breach such as;

  • Repairing any damaged software or hardware
  • Protecting the company’s reputation and contacting affected customers
  • Business interruption costs and missed income while business operations are suspended.
  • Ransom payments to allow release of locked up data or system

It also provides coverage against lawsuits and legal claims.

Your network is only as secure as its weakest link, and as those links expand, so does the need to have contingency plans. Cyber experts state that it’s not a matter of if your system will be breached, it’s a matter of when. Is your business ready?