Jennifer Kurtz quickly boils down the reasons small businesses should care about cybersecurity.
You want to keep your business, your reputation, your customers, your money and your people. You don’t like getting sued. And you want to sleep well.
Pretty hard to argue with that.
Kurtz, the Cyber Program Director at Manufacturer’s Edge, a Colorado-based nonprofit that works to boost the competitiveness of Colorado manufacturers through that state’s Manufacturing Extension Partnership, shared her expertise with attendees of New Mexico MEP’s Manufacturing Day activities in Albuquerque last October. During the New Mexico MEP Manufacturing Summit, ‘Thinking Machines and Smart Workforce,’ Kurtz addressed the impact of cybersecurity, breaches and data theft.
Kurtz told the New Mexico MEP attendees she uses the phrase “Biz Burglary” when discussing what happens when phishing, ransomware or security breaches result in data being stolen or compromised. And, she says, it has led to financial loss and, in some cases, businesses having to close entirely.
Kurtz reports that 55 percent of small or midsized businesses have experienced data breaches or cyber attacks. In 2016 alone, 70 percent of targeted attacks were aimed at small or midsized businesses and 60 percent of those were severely impaired by the attacks. Some 50 percent of small and midsized businesses were victims of ransomware, with 48 percent of the victims paying. All told, small businesses had an average cost of $38,000 to recover from the attacks.
And the cycle always begins with an email, she said. Over a three-year period, that cost roughly $12 billion worldwide, $3 billion in the US alone.
And, Kurtz said, most businesses are at risk, especially businesses that use email, internet, have bank accounts and maintain computerized records including purchase orders, product plans, customer lists, personnel files and similar information. In today’s tech-based environment, that’s pretty much all businesses.
Kurtz said 94 percent of hacks are made possible by people in the organization doing something that is preventable. That can be as simple as using public networks at hotels while traveling for business, not securing computers with appropriate passwords, responding to suspicious emails or opening attachments that allow malicious software to be installed surreptitiously on a computer.
This can impact everything from supply chains to power grids and personnel information to customer data, she said.
“This is a business problem, not just a technology problem,” Kurtz said. Every business is being attacked, no matter how small. If, we mean when, it happens, you can lose your business.”
Kurtz recommends that owners and managers educate themselves on available resources and make the time to educate employees about the risks of cyber breaches and attacks. Regularly review security and technology and write and enforce simple policies to ensure secure networks, she advises. Finally, Kurtz recommends preparing to respond to a breach by regularly backing up data, developing a plan of response when breaches inevitably happen, and lining up a response team.
New Mexico MEP is a nonprofit organization that helps businesses throughout the state increase profitability and competitiveness. To reach a New Mexico MEP consultant, visit https://newmexicomep.org/. Find more cybersecurity resources at https://www.manufacturersedge.com/our-services/cybersecurity/.
Finance New Mexico article 596 by Jason Gibbs