We all know the stories that hit the press about cyber leaks in big companies, and we’ve heard even smaller companies are at risk. The temptation to ignore that warning – “we’re too small for them to bother with us” – may be tempered a bit when we read these statistics:

• 58% of malware attack victims are categorized as small businesses
• In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000.
• 92.4% of malware is delivered via email
• 60% of small businesses say attacks are becoming more severe and more sophisticated.

Those quotes come from a good friend and business associate who runs a firm dedicated to helping small businesses prevent and/or recover from cyber attacks. Dr. Stan Stahl of Citadel Information Group, Inc., provided this helpful checklist, which he calls “Critical Success Factors.” I thought it useful enough to repeat the list here:

1. Proactive leadership
2. Formal information security policies and standards
3. Identify, document and control sensitive information
4. Train and educate personnel. Develop a culture of awareness.
5. Manage 3^rd party % vendor security
6. Manage IT infrastructure from an information security perspective
7. Be prepared. Incident response and business continuity

For more information, I’m sure Stan will happily respond to inquiries to stan@citadel-information.com. His website is www.citadel-information.com

As always, we welcome your thoughts and observations on our occasional posts.