For as little as $3.00, someone can hire an “independent contractor” to write negative Yelp reviews about a business. On the pricier side, a hacker might charge several thousand dollars to break into a simple website. Whether for a few dollars or a few thousand, however, the relative cost of infiltrating the systems and networks of a small or medium sized business is a fraction of the value that hackers can derive from the intrusion; at least until they are caught. The truth of the matter is that cyber thieves know that their choice of crime does pay.
Consider the following:
- For about $500 per address, you can hire a hacker who will break into a corporate email account. Many hackers are so adept at this that they advertise their ability to access email accounts with no awareness on the part of the account owner that his or her email has been hacked.
- The dark web provides a platform for hackers to advertise their services. Anyone with a TOR browser can find a hacker who will develop custom phishing scams or malware to be inserted on USB drives. Coders who want to move to the dark side of hacking can also find kits and educational services to teach them how to become cyber thieves. Links to various dark web hacking websites are easily found.
- Even without coding or hacking skills, scam artists can pose as corporate insiders to convince unwitting employees to divulge information that allows ready access to a corporate system and network. An employee of the Bloomington, Minnesota school district, for example, recently responded to what appeared to be a legitimate request from another employee for tax and income data on the district’s personnel. The source of the request was an outsider who had no connection to the school district, but with a simple request he gained access to personal and financial information of more than 2800 of the district’s employees, including addresses and social security numbers.
Hackers face a very low financial barrier for entry when they seek to infiltrate a small business’s computer networks, but those businesses have multiple defenses against infiltrations. Cyber insurance providers that work with information technology and network security specialists are a good source for the most up-to-date and effective defense strategies that a small business can implement. Many of those strategies are as low-cost as the hacking techniques used by many cybercriminals.
The simplest and most effective strategies, for example, include requiring employees to use strong sign-in credentials or passwords for corporate networks, and to change those passwords regularly. Employee education is critical to emphasize the risks of certain actions, such as opening attachments in emails from unknown sources, or using unsecured public Wi-Fi hotspots for remote access to a corporate network. A small business that retains backup copies of data and software will be better able to recover from a ransomware attack. Limiting both virtual and physical access to critical server components can also protect against low-level cyberattacks, as will anti-malware software that is updated to protect against new threats as they become known.
Realizing that even the best of defensive strategies may not be sufficient to stop an infiltration, small businesses should adopt a strategy to respond to a cyberattack that does harm its networks, or that exposes and compromises customer data and information. The latest statistics show that a cyberattack’s disruption to a small business’s operations can lead to losses of almost $1 million. Few small businesses can absorb that magnitude of a loss, particularly if it faces additional liabilities to third parties whose information has been lost as a result of the cyberattack. In that event, cyber liability insurance is the best protective and defensive strategy to keep a small business’s operations up and running.