Most companies look at hacking as a NIMBY situation. NIMBY stands for Not In My Backyard. It’s usually used to describe the reaction from homeowners or the general public when something questionable — like a landfill or a prison — is scheduled to be built in their neighborhood. Everyone understands the need for landfills and prisons, but nobody wants them built in their own backyards.
The same dynamic is true when it comes to how companies look at a potential data breach or being hacked. Everyone understands that hacks and breaches happen everyday, but nobody ever things it will happen to them. When the topic is broached — not breached — there is an all-too familiar phrase that gets spouted as a reason why that company will never be hacked: I don’t have anything worth hacking.
First, let’s tackle the self-image problem brought on by saying something like “I don’t have anything worth hacking.” Don’t be so hard on yourself. Find a mirror, look at yourself in it, and repeat after me: I’m good enough. I’m smart enough. And, doggone it, people like me.
Second, and more importantly, whether you think you have anything worth hacking is irrelevant. A hacker ca not make that determination until after he or she has hacked into your system and taken whatever he or she wants.
So, the question is not whether you have anything worth hacking or not. The question is: do hackers think you have anything worth hacking? And if they think you have credit card numbers, or the personal information of individuals — like a Social Security number — or anything else that can be ransomed or sold off, then you should be worried.
Here are some statistics that you should be made aware of:
- In the past 12 months, hackers have breached half of all small businesses in the United States, according to one report.
- Another report revealed that 60% of small businesses close within six months of being attacked because they lack the resources to manage and recover from a breach.
- A recent report from Verizon revealed that small businesses were the victim in 58% of all data breaches.
From Verizon: Insider threats represented 28% of breaches. As well, 17% of breaches were social attacks, and financial pretexting and phishing represent 98% of social incidents and 93% of all breaches investigated, with email continuing its role as the main threat channel, at 96% of incidents.
Thinking “I don’t have anything worth hacking” is the shortest distance to being out of business as soon as it happens.
The most important component of developing an effective anti-hacking culture is to train your employees. You can have the strongest firewall in the world and have the best anti-virus software, but if Debbie in accounting clicks on a phishing link, none of that technology is going to matter. Working with your employees so they recognize possible threats and avoid them is the most important component of an effective cybersecurity program. And before you ask yourself if you can afford to take the time and resources to train your employees instead of asking them to rely on common sense, ask yourself if you can afford what it will cost to re-build your business in the event a breach occurs. Can you afford not to make that investment in your employees?
Some of the businesses we have worked with, the management did not want to spend any money on training their staff on software that would make the team more productive and the business more automated.
Now we are talking about security training, building a culture that is similar to “See Something, Say Something.” Everyone needs to be more aware. The walls around our business information and that of our clients need to be reinforced. We owe it to them and ourselves.
There are systems out there that can help to create a security training program – extra help for those who need it and a way to measure your potential exposure.
And, honestly, spending the time with your employees will make them feel more invested in the company, like they have more of a stake in the company’s performance. And that could lead to higher productivity gains and output. There are a lot of benefits that go along with showing your employees that you care about them and want them to do their best.
But don’t worry. We can help. Go to www.nowitworks.com and learn more about how we have been keeping small businesses like yours safe for more than two decades.