The Cyber Crisis Faced by Small and Medium-Sized Businesses

You Will Probably be Called STUPID. . . or IRRESPONSIBLE

Should You Fall Victim to Cyber Attack

Isn't it incredibly unjust? Victims of crimes such as burglary, rape, mugging, carjacking, and theft receive empathy from others and are referred to as "victims", and they receive the support they deserve.

In cybersecurity, claiming ignorance is not a valid defense.

However, if your business is the victim of a cyber-attack that results in the compromise of client or patient data, you will not receive the same sympathy. Instead, you will be immediately deemed foolish or negligent. You will be subject to scrutiny and inquiry regarding the steps you took to prevent the attack, and if your actions were insufficient, you may be held responsible and face severe fines and lawsuits, even if you entrusted an external IT support company to safeguard your data. Claiming ignorance is not a valid defense, and the consequences of this significant, expensive, and reputation-ruining catastrophe will fall entirely on you. But it doesn't end there . . .

Under the data breach notification laws, you will also be obligated to inform your clients and/or patients that their information has been exposed to cybercriminals, which can have severe consequences for your business. Your competitors will take advantage of this situation, and your clients will be angry and leave in large numbers. Employee morale will plummet, and they will hold you accountable for the situation. Financial institutions are not required to reimburse funds stolen because of cybercrime, and unless you have a specific type of insurance policy, you may not be covered for any financial losses.

It's essential to recognize the significance and likelihood of these risks. It's not wise to assume that your IT provider is doing everything necessary to protect your business, and there is a high possibility that they aren't. With your permission, we can demonstrate this to you.

Yes, a Cyber-attack CAN Happen To YOU

And The Damages Are Real

You may be aware of the increasing risks posed by ransomware and hackers, but there's a possibility that you're not fully appreciating the danger they present to your business. Moreover, you may not be adequately protected and are operating under a false sense of security because your outsourced IT provider is not advising you properly or hasn't discussed the protective measures outlined in this report, such as putting a cyber disaster recovery plan in place.

This is not a topic to take lightly because if a data breach occurs, your reputation, finances, and entire business will be at stake. Therefore, you must take charge and ensure that your company is well-prepared and sufficiently protected instead of delegating this responsibility to someone else.

The PROBLEM with Fully Entrusting your Cybersecurity to One Team or Person

Delegating the issue of cyber security solely to the IT department is no longer sufficient. Even a single mistake from an otherwise intelligent and experienced employee can create significant damage, such as clicking on the wrong email or downloading an unverified application.

Your own employees can blame you in the event of a cyber attack.

The story of Michael Daugherty, former CEO of LabMD, serves as an example. Despite having an IT team in place to protect against data breaches, one of his billing department managers unknowingly left a folder containing over 9,000 patient files open for sharing with other users. An unethical IT services company gained access to the file and extorted Daugherty for payment. When he refused to pay, the company reported him to the Federal Trade Commission, which demanded extensive documentation and testimonies.

His employees blamed him and left, clients took their business elsewhere, and insurance providers refused to renew policies. The FTC's pursuit of him took a significant toll on him both emotionally and financially, leading to the closure of his business.

This serves as a warning to take cyber security seriously and not assume that the IT department alone can prevent such breaches.

Being a Small Business DOES NOT Make You Immune To Cyber Attacks

Cybercriminals are relying on small businesses to believe that they are not at risk of cyber-attacks because they are not as big as companies like Experian, J.P. Morgan, or Target, and have good people and protection in place.

This false sense of security makes them easy targets for cyber-attacks because they have either put zero or inadequate protection measures in place.

Every day, there are 82,000 new malware threats, and half of the cyber-attacks target small businesses. However, such incidents are not widely reported as big breaches, or companies may keep them quiet to avoid bad PR, lawsuits, data-breach fines, or embarrassment.

Further, one in five small businesses has been a victim of cybercrime in the past year, and this number is expected to be much higher because most small businesses are too embarrassed or afraid to report such incidents.

Moreover, the average small business lost over $100,000 per ransomware incident and over 25 hours of downtime, according to Osterman Research.

Therefore, shrugging off the chance of such attacks and taking the risk is not advisable.

It’s NOT Just Cybercriminals Who Are the Problem

Disgruntled employees pose threat to your organization's cybersecurity.

Many business owners mistakenly believe that cybercrime is only perpetrated by hackers from countries like China or Russia. However, the evidence suggests that significant losses can also result from disgruntled employees, both within your company and your vendors, who know of your organization and have access to your data and systems. What kind of harm can they cause?

  • Employees leaving your company may take your files, client data, and confidential information with them on personal devices or via cloud applications that your IT department is unaware of or forgets to secure. A comprehensive study by Osterman Research found that 69% of businesses suffer data loss due to employee turnover, and 87% of departing employees take data with them. The stolen information can be sold to competitors, used to create new competing ventures, or retained for future employment.
  • Employees can steal various valuable items such as funds, inventory, trade secrets, and client lists, and it occurs more frequently than businesses are willing to acknowledge. There are numerous underhanded ways in which employees can steal. Statistic Brain’s website reports that 75% of employees have stolen from their employers at some point, ranging from inventory theft to check and credit card fraud. Over time, your money can be stolen in small amounts that you may not detect.
  • One of the most COMMON ways an employee steals is by wasting work hours on personal activities such as shopping, playing games, checking social media, and reading the news. They are paid for a 40-hour week but may only work half of it, which can be a drain on profits. They may also complain about being overwhelmed and suggest hiring more staff, which can further reduce profits. This behavior can also put the company in legal trouble if the IT company does not monitor their online activities and limit its access to certain sites. For example, visiting illegal music and video download sites, adult content websites, and gaming and gambling sites can expose the company to viruses and phishing scams.
  • One common situation is when an employee is terminated or leaves the company due to dissatisfaction. Before they depart, they delete all their emails and important files, causing permanent damage. Without data backups, everything is lost. Pursuing a legal case against them, even if successful, could cost you more in terms of legal fees, time, and the stress of dealing with the situation, which is far more than the potential damages you may be awarded.
  • Another potential risk to consider is vendor theft. Companies that handle your payroll, HR, and accounting have direct access to sensitive information and could potentially commit fraud. This includes not only their leadership team but also their employees, such as part-time workers who are not closely monitored and may be working from home. These individuals could easily steal data or take funds from your account for personal gain.

Is Your Current IT Company Doing Their Job?
Book A Call to Find Out.