Businesses of all sizes are targets for cybercriminals
As a business owner, it can feel like a full-time job to keep up with the ever-changing implications of technology – from optimizing SEO on your company website and streamlining project management systems to maintaining and upgrading office hardware. Technology has a huge impact on your business and consumes a lot of bandwidth (literal and otherwise).
And although we are dependent on the Internet to keep our lives and businesses running smoothly, it’s easy to get lulled into a false sense of security – or cybersecurity, to be more precise. However, the growing threat of data breaches affects millions annually and can have a devastating impact on any organization.
The Equifax data breach has brought new awareness to the vulnerability of online information; according to CNN, as many as 143 million Americans may have been affected, with the credit card numbers of approximately 209,000 exposed and the personal information of 182,000 customers at risk. Although this breach was massive, it’s not a unique situation. Information theft is a real risk for businesses of all sizes, and more prevalent than many realize.
Over 171 million personal records were breached in 2017, with Wells Fargo, Capital One, and Citibank among those targeted. Although it’s easy to understand why such high-profile organizations find themselves at risk, mid-level and smaller companies are often especially vulnerable due to weaker security protocols. In fact, nearly half of all attacks are targeted at small- and medium-sized businesses; these attacks may not be headline-worthy, but they can be more devastating given the limited resources of an organization of that size.
85% of organizations have reported being victims of phishing attempts. Since realizing that it’s more difficult to find weaknesses in a company’s online infrastructure, hackers have instead relied on manipulating clients to give up their log-in information or inciting employees to click on links that include malware, creating financial losses and public relations nightmares for the companies being targeted. These malicious emails have a 30% open rate, making this an increasingly popular method of attack.
According to data collected from a survey by Kaspersky Lab, a cybersecurity incident involving a financial institution can create up to $926,000 of actual costs. Billionaire Warren Buffett considers cyber-attacks to be potentially more dangerous than weapons of mass destruction to global economies, and Berkshire Hathaway Specialty Insurance has launched policies offering coverage for cyber liability incidents.
The threat is not only real, but imminent.
New York takes action
New York recently implemented a cybersecurity compliance law, 23 NYCRR 500, mandating that businesses that report to the state’s financial regulator do the following:
- Establish and maintain a cybersecurity program, including policies and procedures that protect nonpublic information.
- Perform regular risk and vulnerability assessments.
- Designate a Chief Information Security Officer.
- Establish an audit trail with access privileges and application security.
- Identify cybersecurity personnel and develop a security policy for third-party service providers.
- Devise limitations on retaining data, develop training and monitoring programs, and encrypt nonpublic information.
- Create a response plan for potential incidents.
Other states are sure to follow suit, with more cybersecurity regulations being added each year as the impact of data breaches expands and hackers adopt new methods. However, financial institutions shouldn’t wait until cybersecurity regulations are a legal requirement – being proactive about protecting the information of your customers can save your company time, money, and, perhaps most importantly, your public image.
Dedicating resources to eliminating online vulnerabilities could ultimately be one of the most valuable investments your business could make.
If you need help complying with 23 NYCRR 500 or simply want to make sure your business is protected against a potential cyber breach, CyberGuard 360 can help. Call us at 844-315-9882 or use our contact form for a free consultation.