Is your Louisville business at risk of a cybersecurity breach? The sad answer is likely “yes.” Chances are, your business’s greatest asset is also its biggest weakness: your employees. Despite good intentions, nearly half of all workers receive little to no training in digital defenses.
Why is this? How can you change it so that your data is safe? Keep reading for answers to these questions and more.
Q: Most businesses require data security training, right?
A: No, actually. While workers on the IT side are generally required to have a basic understanding of cybersecurity, most Louisville-based businesses – and particularly small businesses – do not involve most of their workforce in digital security training.
Q: Is digital security training really that important for small businesses?
A: Absolutely. Around half of all cyberattacks are launched against small businesses. This is due in part to hackers’ knowledge that training is rarely a priority. Many small businesses mistakenly believe their systems are safe because they don’t have anything of value lying within the depths of their hard drive. Nothing could be further from the truth, however, as any business that collects information is a target.
Q: How does a data or cybersecurity breach affect my business?
A: A data breach has many negative consequences. First, it takes away your customers’ trust in you. But more importantly, unauthorized access to data may put your customers at risk of financial loss. It’s also a huge invasion of privacy. One recent local example of a cybersecurity attack involved Louisville’s Kentucky Counseling Center. In December 2018, a former employee illegally removed records from the company and released them on a file-sharing site. This left more than 16,000 patients questioning who on the internet has their personal information.
Q: Aside from disgruntled employees, how can my workforce contribute to cyber-vulnerabilities?
A: Angry workers make up just a small threat. The real gold vein for hackers and cybercriminals is the employees within your organization who trust what they see. Criminals’ favorite digital theft method is a tactic called business email compromise, which fools an employee into wiring money or sending information to a fraudulent account.
Often these attacks begin through a phishing email – a worker clicks on a fraudulent link and allows criminals into the system. They then study how executives communicate and when they are unavailable (and so cannot be reached immediately to confirm a request), and use the executive’s email to issue orders.
Take this sample scenario of a cybersecurity breach at Louisville, Inc., a fictitious company with an accountant named Jonathan. Jonathan receives an email that he believes is from company leadership. CEO Jeff requests information on newly opened accounts, claiming that the information is urgent and Jonathan must respond now. Jonathan, fearing the repercussions of not following directions, responds with an attachment of his most recently updated spreadsheet of new accounts. Unfortunately for Louisville, Inc., this was a cybersecurity incident and Jeff was not the sender.
Q: How can I get started with training?
A: There are things you can do today to educate your employees about digital threats. Start by hosting a meeting to remind everyone that there are no circumstances in which sensitive information should be sent without first verifying the requester. Next, contact ImageQuest for more information on employee training and cybersecurity best practices. We service Louisville, Nashville, and Bowling Green, and are happy to get your company set up with training, managed IT, and IT compliance consulting services.
Q: What advice might you give a small business owner who cannot afford IT training?
A: While there are costs involved, the real financial burden comes from not taking steps to prevent digital infiltration. A single incident of stolen records can result in insurance premium increases, the loss of intellectual property, and even lawsuits. Alarmingly, about six out of 10 small businesses that get hit with a data breach go out of business within six months. In other words, it is much easier to be preemptive than reactive.