Could this be your company…?
60% of small businesses go out of business within 6 months after a breach
40% of data breaches affect companies with less than 1000 employees.
50% of All cyber-attacks are aimed at small Businesses
The average breach goes undetected for more that 200 days
One in five small businesses falls victim to cybercrime each year and that number is GROWING
WE KNOW HOW IMPORTANT SECURITY IS TO YOUR BUSINESS!!!
…But do you know who is lurking in your network, changing, copying and stealing files, installing backdoors and applications to do whatever they want? Statistics show that the average time a breach goes undetected is over 200 days? That is 200 days too many for your critical files and information to be in the hands of hackers or bad actors.
Why do you think the number is so high, 200 days? That seems unreal, but unfortunately, it’s not. This is based on the overall average but when you break that number down it is small businesses that cause the number to be so high. With larger enterprises, the number of days a breach goes undetected is much smaller.
Most everyone remembers the Target Breach of 2013, one of the most famous breaches in the past decade. The hackers were only in their system for 20 days, but that was enough time for them to steal millions of cardholder’s data. But for most small businesses that time is between 180 to 345 days.
What do larger enterprise have that small businesses are missing?
“Knowledge and Resources!!!”
Large enterprises have the resources to hire a CISO (Chief Information Security Officers), while most small business owners don’t even know what a CISO is, nor what they do. A CISO’s job is to evaluate how technology is used in the company, and to design a plan to secure that technology that aligns with the strategic plans of the organization. This includes but is not limited to, evaluating how a specific technology is used, if that technology is needed, how secure is that technology, does the company have the tools and resources to secure it, recommendations for other technologies and tools to secure it and the list goes on…and ..on. This is a HUGE job and the average salary in the US for a CISO is over $200,000/ year, most small businesses cannot afford to pay someone to perform these tasks, it simply costs too much. So without the knowledge and skills of a CISO, small businesses try to do it own their own or rely on their IT provider for insight. Unfortunately this can be a HUGE and COSTLY mistake. IT ( information Technology) knows about security, but they lack the critical expertise in dealing with today’s threats.
If you need brain surgery are you going to ask your family Dr. to perform the surgery, most would say NO, you would go to a BRAIN surgent. Then why would you, if you need a data security solution or strategy, rely on an IT (family Dr) provider for the right solution, you shouldn’t, you need a true security adviser/consultant (Brain surgent).
Did you know…that the NSA, FBI,NASA and many other local municipalities have all been compromised in one way or another, and in some cases multiple times. I hear it all of the time from small businesses owners “we’re fine”, “we don’t need any more security”, “Our IT has it covered”, really…REALLY, if that were the case why are the statistics getting worse, why is ransomware on the rise, why are the attacks getting more sophisticated and harder to detect? Its because the bad actors know we don’t have it covered, they know we are living in a DREAM world if we think we do, and they know as long a small businesses think they are all good they will continue to do what they do, HACK!
“ONE HUGE THING TO REMEMBER WHEN IT COMES TO DATA SECURITY IS THAT NO SECURITY IS 100%”
So what CAN be done to mitigate the RISKS and SLOW the bleeding?
We are the TOP small business Data Security consulting company in Indiana! At our core, we believe that small businesses are vital to the economic survival of our country, and it is our civic duty to help them decrease their risk to avoid catastrophic failure to themselves and their local communities. We do it by developing a Risk Management Program designed around data security, to help move them towards an acceptable level of Risk, while offering strategic products and services to secure their most critical ASSETS.
One thing important to remember as a small business owner, is that SECURITY IS NOT A PRODUCT, IT IS A STRATEGY. So thoughts like, “I’ll just buy a better Antivirus”, or “I’ll buy the latest and greatest endpoint solution or firewall, or some other product” is WRONG thinking. Stop thinking about products and start think about ASSETS. What is your #1 asset, some might say people, and yes your people are critical and you should value them, but when people leave, in most cases they can be replaced without any problems. But if you lose all or some of your data or get sued for losing a client’s or employees personal information, your business could be SHUTDOWN, so your true asset is your DATA.
Small businesses must re-focus their efforts to that of larger enterprises if they want to DEFEAT cyber-criminals. Larger enterprises are proactively focusing on Risk Management, good Security Strategies, and Data Assets management, while most small businesses leave it up to chance or put it on the back burner, saying to themselves “it will never happen to us”.
There are three main layers to security, a PROTECTION layer, a DETECTION layer and a RESPONSE layer. The most important being the DETECTION layer. Think of it this way, if someone breaks in your home and you don’t know they are there how can you respond? You simply CAN’T! You can’t respond to an intruder if you don’t know they exist. So that is why you must have a STRONG detection layer. Gartner, a large technology surveying company, says that small businesses spend 90% of their efforts, resources and money on the PROTECTION layer, which is the WRONG layer all together. If you want to learn more, get the book The #1 Risk to Small Businesses…and How to Minimize it. It is packed with information on how easy it is for Hackers to get to your data and it gives practical wisdom of what to do.
“ITs Time for A NEW Approach to Security”
Small businesses, it is time to change, time to move forward and stop living in the past! The attackers and the attack surfaces have changed and so must you, if you want to survive. Did you know that Anti-virus technology has been around for more than 30 years, and firewalls for more than 20, with little innovation to either? If this is all you rely on, you must make a change, because if you don’t it will be your company we’ll be reading about tomorrow.
To get started making that change, we offer a program called Security Analysis Program, it allows us to get a snapshot of your security posture today, and help guide you to a acceptable level of risk according to industry standards. These are some of the same industry standards that large enterprises follow and created. There are so many moving parts to this I am not going to try to cover this here, just check out our Security Analysis Program to learn more.
Not all things need to be online. In fact, there are some systems and information that should never be onl…
The U.S. Department of Health and Human Services maintains a database that tracks every data breach of medical records…