Businesses under siege

By Laura Haight

If every other house on your street was burglarized, would you be worried enough to better protect yours? 

Of course, you would. And yet that is exactly what is happening to small businesses today, according to the National Association of Small Business 2014 survey, released last week. In it, the NASB reports that 50 percent of businesses with fewer than 500 employees (the definition of "small") had been hacked or infected by cyber-crime last year. That's up from 44 percent the previous year. 

For an even more dire picture, take a look at the Duke University/CFO Magazine report released on June 5 that reports 80 percent of all US companies, regardless of size, had had their technology systems compromised. The most vulnerable, the report states, smaller businesses, 85 percent of which are "under siege." 

For small businesses, the numbers are going up - and not in a good way. More from the NASB report shows: 

  • Number of days to resolve an attack is up to 3-5 for 33 percent of businesses, up from 20 percent in 2013.
  • Amount the attack costs a business ballooned from $8,799 in 2013 to $20,752 in 2014. A broader measurement from the American Association of Fraud Investigators, reported last year that the average cost was $145,000.
  • Percentage of small businesses that actually had a disruption of service from the attack: 58 percent. 

What's not going up? Apparently business owners' level of concern. In a 2013 Technology Survey, the NASB reported that 59 percent of owners were "very concerned" about cybersecurity for their businesses. In the 2014 survey, that dropped to 42 percent. 

Also in the 2013 report, 79 percent of business owners reported that they had anywhere from "No understanding" to a "Moderate Understanding" of cybersecurity issues. And yet, 39 percent said that they handled their own security. Another 33 percent had a staffer do it.

John Graham, director of the Duke survey and a professor at the university's Fuqua School of Business, said in a statement. "No one appears safe. The situation may even be worse than reported because many firms might not even realize that they have been attacked."

Graham explained smaller firms are more vulnerable because they don't devote as much resources to protect their data. The survey showed that smaller firms were half as likely to take certain extra steps to block hackers, including trying to break into their own systems, hiring staff to protect data or requiring extra training of staff.

Graham is right. This isn't a problem that can be solved with hardware and software. No amount of money can protect you from authenticated users in your business who act either unconsciously or carelessly and put your business at risk. It only takes one chink in the armor to ultimately knock down or circumvent all your defenses. 

FBI cyber division chief Joseph Demarest has a blunt message: "You're going to be hacked. Have a plan."

BizSafe, a service jointly offered by Portfolio and Fraud Investigator Kelly Wessel, is the foundation of a plan. It can help by assessing your risk, auditing your processes and evaluating your staff's ability to serve as your guardians at the gate. Once you know where you are, we can help you get where you need to be.

Don't think you need this? The next business confab you go to, look around the room. Look at the business owner to your right and left of you. One of you has almost certainly been hacked. Are you sure it's not you?

More posts on security