You might already know about the escalating cyber threats, from ransomware to hackers; but it is very possible you are underestimating the risk to you and your business. This is not a topic to be casual about. Should a breach occur, your reputation, your money, and your company will be on the line. Here are five ways your company can be damaged by cybercrime:
1. Cost, After Cost, After Cost: ONE breach, one ransomware attack, one rogue employee can create HOURS of extra work for staff who are already maxed out when things are going well. Then there’s business interruption and downtime, backlogged work delivery for your current clients. Loss of sales. Forensics costs to determine what kind of hack attack occurred, what part of the network is/was affected and what data was compromised. Emergency IT restoration costs for getting you back up, if that’s even possible. In some cases, you’ll be forced to pay the ransom, and maybe – just maybe – they’ll give you your data back. Cash flow will be significantly disrupted, budgets blown up. Some states require companies to provide one year of credit-monitoring services to consumers affected by a data breach and more are following suit. According to the Cost of Data Breach Study conducted by Ponemon Institute, the average cost of a data breach is $225 per record compromised, after factoring in IT recovery costs, lost revenue, downtime, fines, legal fees, etc. How many client records do you have? Employees? Multiply that by $225 and you’ll start to get a sense of the costs to your organization.
2. Fines, Legal Fees, Lawsuits: Breach notification statutes remain one of the most active areas of the law. Right now, several senators are lobbying for “massive and mandatory” fines and more aggressive legislation pertaining to data breaches and data privacy. The courts are NOT in your favor if you expose client data to cybercriminals. Don’t think for a minute that this only applies to big corporations: ANY business that collects customer information also has important obligations to its customers to tell them if they experience a breach. In fact, 47 states and the District of Columbia each have their own data breach laws – and they are getting tougher by the minute.
3. Bank Fraud: If your bank account is accessed and funds stolen, the bank is NOT responsible for replacing those funds. Hackers able to access your PC can intercept e-mails and take advantage of leader/subordinate communications. They could pose as a CEO or other financial leader asking an assistant to make wire transfers or other financial transactions that would be normal business operations. They can even intercept daily banking alerts so their activity goes unnoticed temporarily. Once the money is gone, it is rarely recovered and the bank is not responsible.
4. Reputational Damages: What’s worse than a data breach? Trying to cover it up. Companies are learning that lesson the hard way, facing multiple class-action lawsuits for NOT telling their users immediately when they discovered they were hacked. With Dark Web monitoring and forensics tools, WHERE data gets breached is easily traced back to the company and website, so you cannot hide it. When it happens, do you think your customers and partners will rally around you? News like this travels fast. They will demand answers: HAVE YOU BEEN RESPONSIBLE in putting protections in place, or will you have to tell your clients, “Sorry, we got hacked because we didn’t think it would happen to us,” or “We didn’t want to spend the money.”
5. Using YOU As The Means To Infect Your Clients: Some hackers don’t lock your data for ransom or to steal money. Often they use your server, website, or profile to spread viruses and/or compromise other PCs. If they hack your website, they can use it to relay spam, run malware, build SEO pages or promote their religious or political ideals.
In addition to not fully understanding the risk to you, it is also possible you are NOT fully protected and are operating under a false sense of security, ill-advised and underserved by your outsourced IT company. You must get involved and make sure your company is prepared and adequately protected. Catch up on our cybersecurity webinar series to learn more about improving you security posture.