Key Takeaways from Aon’s 2019 Cybersecurity Risk Report
Cybersecurity is a growing concern for small businesses. The move from physical hard drives to cloud data storage and from on-premise to cloud software solutions has increased the surface area for cyber attacks. At the same time, these attacks have become increasingly frequent and sophisticated in nature.
The cost of cybercrime also continues to rise with new government regulations and legal challenges. Small businesses are especially vulnerable to cyber attacks because they can rarely afford a data breach. In fact, 43 percent of major data loss victims immediately go out of business!
In this article, we will take a look at some of the latest cybersecurity trends influencing small businesses, which were outlined in Aon’s recent 2019 Cybersecurity Risk Report.
What is the Cybersecurity Risk Report?
Aon is a leading provider of risk, retirement and healthcare solutions with a presence in over 120 countries. Each year, the company prepares a Cybersecurity Risk Report as part of its work in Commercial Risk Solutions. The 2019 Cybersecurity Risk Report highlighted eight areas where the firm expects cybersecurity to play a bigger role this year.
Download our free guide to creating a cybersecurity plan and reduce your cyber risk.
Let’s take a look at the eight core areas and how they apply to small businesses.
Many small businesses are undergoing a digital transformation, which creates new and unanticipated cyber risks. For example, newspaper publisher may branch out into online publishing and sell subscriptions to online news. It’s important to be aware of the new risks associated with these transformations and embrace new ways of doing business to account for them.
#2 Supply Chain
Many small businesses rely on external service providers on a day-to-day basis. The problem is that nearly 60 percent of companies in the U.S. and the U.K. say they have experienced a data breach via a third party. It’s important to ensure that data is protected across these supply chains as they expand, particularly in emerging areas like Internet of Things (IoT).
#3 Internet of Things
Many small businesses rely on Internet of Things, or IoT, devices, which can open the door to destructive cyber attacks. For example, botnets use large groups of compromised IoT devices to launch distributed denial of se rvice (DDoS) attacks. Businesses must be sure to carefully monitor all of their IoT endpoints to ensure that they are secure.
#4 Business Operations
Many small businesses rely on technology to run day-to-day business operations. If there’s a malware infection, shutting down the technology can slow the business to a standstill. Investing in protection from these threats and carefully selecting vendors can help minimize disruptions and ensure that these systems remain operational at all times.
More than half of businesses experienced an insider-related attack between 2017 and 2018, whether a deliberate malicious attack or an accidental incident (e.g., clicking on a phishing email). Small businesses can avoid these attacks by properly setting employee privileges and keeping detailed logs, as well as training all employees on how to recognize phishing attempts.
#6 Mergers & Acquisitions
Mergers and acquisitions have been on the rise in recent years, but small businesses looking to expand through these channels should be cognizant of cybersecurity risks. A cybersecurity breach during an acquisition can lead to lower deal prices, while the lack of cybersecurity controls in a target acquisition can be a reason to delay integration.
Cybersecurity regulations have dramatically expanded over the past couple of years. From the SEC to the GDPR, businesses of all sizes are subject to strict regulations and violations could result in substantial fines. Small businesses should carefully track any new industry regulations and ensure that they’re always compliant with new requirements.
#8 Board of Directors
Directors and officers face growing personal liability relative to cybersecurity oversights. Class action lawsuits from customers or clients affected from a data breach are enough to bankrupt most small businesses, while even smaller lawsuits can prove very costly to officers and directors.
Action Items for Small Businesses
The challenge for many small businesses is balancing the need for cybersecurity with the time and budget required to implement cybersecurity best practices. While everyone would love dedicated personnel and robust systems, these costly solutions may not be feasible for small businesses that are already struggling to make payroll each month.
Don’t forget to download our free guide to creating a cybersecurity plan and reduce your cyber risk.
The good news is that there are some easy steps that you can take to get started:
Encrypt everything: Most modern operating systems have tools designed to encrypt the data on the device. If the device is stolen, you can be sure that the data is safe from prying eyes, which eliminates a key data breach risk.
Encrypted cloud backup: Ransomware has become increasingly common over the past few years. By encrypting and backing up data to the cloud, you can immediately restore data from an infected computer system without paying a ransom.
Active network protection: Protecting your network with anti-malware, anti-phishing and intrusion detection can dramatically reduce your risk of employees accidentally opening malicious emails or criminals gaining access to servers via unsecured ports.
Password management: Most passwords are incredibly easy for attackers to guess. By using a password manager, you can force employees to use strong passwords, regularly change them and avoid using the dreaded password spreadsheet.
These four simple steps can eliminate many important cybersecurity risks. After taking these steps, you may want to consider drafting a cybersecurity plan, implementing employee training and looking more closely at any industry regulation. Cyber insurance can also be a great way to reduce risk from potentially unseen or unknown risk factors.
How to Get Started
Jungle Disk provides a cybersecurity suite that’s designed specifically for small businesses with two to 250 employees. Unlike many enterprise solutions, we operate on a simple and scalable per-employee model and provide a robust set of cybersecurity solutions designed to help healthcare, legal and other niche small businesses remain compliant.