In the offices of a two-person startup company in New York, thieves ran 100,000 credit card numbers through the company’s payment system. The company, Innovative Higher Ed Consulting Inc. (“IHEC,”) used Bank of America Merchant Services to conduct its business. IHEC’s owners did not turn on the security features associated with their account because they believed the payment system was not yet linked to their company’s website. Even after the company activated the security features on the account, customers still were the victims of suspicious transactions. It was too little, too late.
Most small business are not incentivized to prepare for cybersecurity threats, especially from a profitability standpoint. According to Dr. Larry Ponemon, founder of the Ponemon Institute, “these [cybersecurity] safeguards are important because most small business owners do not realize that they are vulnerable.” These vulnerabilities not only affect small businesses, but some small businesses are stepping stones to larger ones (for more information see 2018 Global Outlook challenges Planning Assumption). For example, IHEC’s account on the Bank of America server provided the means for cyber thieves to check if certain card numbers were still active. As a result, IHEC now owes Bank of America Merchant Services over $27,000 to reverse charges on all hacked accounts. Although this amount is likely considerable to IHEC, it could be worse: the average cost for a small business to clean up after a major cyber incident is about $690,000.
The question really becomes: what is cyber readiness worth to your small business? Can your small business afford a cyberattack? Prevention and detection is the only way for small business to protect against cyber threats and ultimately, avoid the costs associated with a cyberattack.
For small and medium-sized businesses concerned about cyber risks, the Cyber Readiness Institute offers a free program that provides communications, resources, and tools to help organizations become cyber ready. Following the five-stage program created by the leading business and cybersecurity experts will help to safeguard your company against cyber threats by putting systems in place to reduce risks associated with key issues including phishing, USB use, password management and patching. On the Cyber Readiness Institute’s website you can find articles and background information to gain a deeper understanding about the importance of cybersecurity and what to do in case of an attack. Each company that takes a few easy steps to improve cyber risk management helps to raise the standard of cybersecurity for all companies.