We all know the stories that hit the press about cyber leaks in big companies, and we’ve heard even smaller companies are at risk. The temptation to ignore that warning – “we’re too small for them to bother with us” – may be tempered a bit when we read these statistics:
- 58% of malware attack victims are categorized as small businesses
- In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000.
- 92.4% of malware is delivered via email
- 60% of small businesses say attacks are becoming more severe and more sophisticated.
Those quotes come from a good friend and business associate who runs a firm dedicated to helping small businesses prevent and/or recover from cyber attacks. Dr. Stan Stahl of Citadel Information Group, Inc., provided this helpful checklist, which he calls “Critical Success Factors.” I thought it useful enough to repeat the list here:
- Proactive leadership
- Formal information security policies and standards
- Identify, document and control sensitive information
- Train and educate personnel. Develop a culture of awareness.
- Manage 3rd party % vendor security
- Manage IT infrastructure from an information security perspective
- Be prepared. Incident response and business continuity
As always, we welcome your thoughts and observations on our occasional posts.