Going Phishing?

Ice-Fishing, The Great MN Pastime! Minnesota Fishermen are die-hards to sit out in below sub-zero temperatures to drill through the ice, drop a line and wait to see if they get a bite.  Modern technology and heated icehouses have made that sport more enjoyable over the years, but the concept is still the same.  It is the waiting game to bait the hook, drop the line and see which fish will be the first one to nibble and get hooked.  Being in the technology industry, I can’t help but notice how this is kind of like the Phishing attempts you may have seen in your email, isn’t it? 

Seems as though, we are constantly hearing about a new cyberattack on companies or data breaches where personal information was compromised.  How many of us think, “that only happens to the Enterprise Companies” or “why would they want to go after a small/mid or even large company in central Minnesota”?  But then think about all those weird emails that you receive, and you aren’t sure if it is legit or not.  How many of you, or someone you know has clicked on and opened something in an email you shouldn’t have? What about the ever-annoying phone calls trying to get you to give out some personal information you shouldn’t share? Or, what about that letter that comes in the mail saying your unemployment benefit was denied…only to find out someone used your name to apply.  The latter happened to me, gave me a scare but thankfully they only had my name correct, and no other personal data. If large, enterprise level companies with full time IT departments have been affected, what are small to mid-sized businesses to do to protect themselves?

In a recent article on Nerdwallet, the average reported cyberattack cost for small businesses with fewer than 250 employees was $25,600 in 2021. For some small business, the money and time it takes to recover may just be at an amount where recovery is unfortunately not an option.  According to Verizon’s 2020 Data Breach Investigations Report, 43% of cyber attacks target small businesses. According to the US National Cyber Security Alliance, 60% of small businesses go out of business within 6 months of experiencing a cyberattack.

You do not have to be a statistic. There are things you can do to protect your business.

Look into Cybersecurity insurance.  Due to the frequency of cyber incidents, there are more policies available to choose from.  First party coverage vs. third party coverage, liability coverages, errors & omissions coverage, etc.  While I do not claim to be an insurance agent to help you navigate through the many different types of policies or riders that are out there, I can tell you that it is not as simple as adding it in your shopping cart and paying for it at the checkout.  You want to make good, informed decisions about what’s best for your business. Talk to your trusted insurance advisors on what options make the most sense and what’s best for your small business.  Many of these policies also have a questionnaire that goes along with it because they want to make sure you have a cybersecurity plan in place at your business prior to them insuring you. This makes perfect sense, as it’s always best to prevent a cyber-attack, rather than trying to recover from one, right?

Have a Cybersecurity Plan. Our March Lunch Gig is sponsored by TPx and, among other offerings, they can do a security assessment on your business to help identify your weaknesses so that you can become stronger.  Assess, Secure and Train!

Prepare and Respond (by TPx)

• Are my network entry points effectively secured?
• Are my systems properly patched against vulnerabilities?
• Do I have the visibility I need into who is on my network?
• Does my organization’s staff know how to avoid security risks in email and other attack vectors?
• Does my backup strategy allow me to recover quickly and minimize downtime?
• Is my incident response plan detailed enough to enable my team to respond effectively in the event of an attack?

Cybersecurity plans don’t just stop at the assessment and securing your network.  They are an ongoing practice crucial for businesses to put in place to protect your data.  Training for your employees should continue throughout the years with topics like developing stronger passwords, multi-factor authentication, the importance of software updates, and (probably most important) increasing your email security.  There are companies, like TPx, that will go “phishing” for you and see how many of your employees take the bite.

Register for our March Lunch Gig on Wednesday, March 9^th at 11:30 to hear more about this topic from our vendor sponsor TPx, and your local trusted advocate, InteleCONNECT.