Whether it’s concerns about Russian influence in elections, North Korea’s ability to infiltrate corporate emails, or bugs and malware that attack businesses that are supposed to safeguard consumer information, hacking and cyber security are all over the news. These are big, scary concepts, and most small business owners likely don’t realize just how much they too are at risk for a hacking scandal.
As more of our business continues to move online, companies of all sizes need to be just as diligent about cyber crime as they once were (and perhaps still are) about real-life robberies and theft.
A Verizon Data Breach Report says that more than two-thirds of all data breaches hit companies with fewer than 100 employees. The average cost of being hacked? A cool $36,000.
And this might just be the beginning: A Forbes “Future of Supply Chain” survey from last year showed that “data security/IT incidents” are the highest ranking and fastest rising concern among 1,408 respondents. Even the U.S. government is putting out informative videos warning companies about “the integrity of the supply chain.”
The reason that supply chain security is so important is simple: Any chain is only as strong as its weakest link. Your small business might have all the up-to-date protections and firewalls, but if someone you do business with—your inventory supplier, your transporter—has technological weaknesses, you too could be exposed.
In fact, accessing data via third parties is how Target, the U.S. Office of Personnel Management, and T-Mobile were all hit over the last few years. In the case of Target, a heating and air conditioning subcontractor was the access point. T-Mobile’s weakness was Experian, a company that performs credit checks.
The financial and brand hits these companies took as a result of the breaches were massive. Could your small business survive such an ordeal?
What Makes a Data Breach So Costly?
You might wonder what exactly makes a data breach by hackers such an issue for small businesses.
First of all, if you encourage your customers to visit your website and purchase products from you online—whether through your own store or another third-party channel like Etsy or Amazon Marketplace, as part of a “bricks and clicks” model—and you are hacked, you have potentially leaked the financial information of your customers. In almost every state, companies must notify customers when their data has been breached. They’re often then compelled to pay for credit monitoring for those customers, and can potentially be sued for damages as well.
Secondly, in fixing the issue, computer experts often need to purge business systems of the viruses or malware that affected the business. When websites are shut down to combat this issue, potential sales are lost.
How To Keep Your Supply Chain Secure
There are a number of steps small business owners can take to make sure they’re protected from potential cyber intrusions. Some of these steps are basic, some are more advanced, but you should consider taking every recourse available to protect your company.
Educate your employees
Experts say that your employees are your greatest threat. This isn’t to say your company will be hacked by an employee, but that they can unwittingly expose you by clicking on a phishing email or through unsafe surfing practices.
One Verizon report says that at least 1 in 10 people who are sent a malicious email will click a link in it.
So bring your employees into the fold and help them understand the risk that phishing emails, malware, and other threats can pose.
Assess third-party risk and continue to monitor it
As mentioned earlier, you can be as careful as possible and still get stung if a third-party vendor has a weakness. You’ll need to identify any third parties with access to sensitive data and then review their security measures and protocols through interviews, documentation review, penetration tests, security ratings, and vulnerability scanning. Nothing should be off-limits in this regard. If you’re trusting them, you need to make sure they can be trusted.
This isn’t a one-time thing either: Continuous measurements of security performance by all members of a supply chain should become your standard.
Take legal precautions
It’s not personal: Add language to your contracts with vendors that spells out your expectations on security. If you include in your contracts that vendors use encryption technologies, for example, you’ll not only keep them on their toes, but you’ll protect yourself from liability if there is a breach.
Upgrade your own authentications
Not everything is someone else’s fault. You need to make sure you’re taking the proper precautions as well.
Start with moving beyond simple passwords to multi-factor authentication, such as mobile apps or text message services that provide a security code each time a person logs in.
You should also have systems that can allow, manage, and audit access across the supply chain. If you have a well-secured single-access point to all your applications, you can manage all customer and partner access to your data through a single gateway, rather than through multiple access points, reducing risk.
Let professionals take a look, or take over
One big reason that small businesses are such a popular choice for hacking by criminals is that they know many small businesses won’t want to invest their time—and more importantly, their money—into defending what they assume is already secure. Plus, lots of the sophisticated precautions that one could take are usually beyond your typical business owner. That’s okay. You didn’t get into business to conduct cyber security audits.
So, perhaps consider enlisting the help of security professionals. Find a well-regarded, well-reviewed cyber security firm that has IT security systems to protect your operations and sensitive data, and take this load off your mind.
Buy cyber insurance
Last but not least: Get insurance. You have insurance for plenty of other aspects of your business, so why should this be any different? There are loopholes that allow banks to avoid reimbursing you for losses—protect yourself from that by safeguarding your funds with cyber insurance. It’s not a proactive solution, of course, but if worst comes to worst, you won’t be on the hook for thousands of dollars that could sink your business. Premiums as low as $1,000 a year can provide $1 million in coverage.
Cybercrime is like experiencing a natural disaster—you never expect it will happen to you. But one of the costs of doing business online is that we have to protect ourselves from all the possibilities, which includes the surprisingly common occurrence of small business data hacking. Protect yourself and protect your supply chain, and you’ll protect your customers. That means keeping them safe, happy, and returning to your site while others find themselves scrambling to recover leaked financial information and data. Avoid that fate by taking the above steps—the sooner, the better.