It wasn’t so long ago that if we talked about some great heist, we were talking about some big bank robbery. Our history is full of bank robbers, from Jesse James to Bonnie and Clyde. They are the stuff of legends, but the world has changed. The great heists today are happening on the internet and we have no names to associate with the criminals, and they are not the stuff of legends. Instead we know the big targets they went after, like Target, or Equifax. Sadly, the attacks we don’t hear about, the small businesses, are just as painful.
A Denver Post article from October 2016, says that about 60% of small businesses that are victims of a successful cyberattack will close their doors within six months. The US National Security Alliance, in their study on Cybercrime suggested that 62% of small and medium sized businesses will be hit in a given year by one of the nearly 4000 cyberattacks that are launched daily. And what is the cost of cleaning up a cyberattack? The Ponemon Institute suggested that the average price for a small business to clean up the mess created by a cyberattack will be $690,000! For most small businesses the price of the cleanup combined with the lost business, downtime and damaged reputation combine to have catastrophic results.
So what are cybercriminals after? There could be a number of things. If it is a ransomware attack, they are usually after money from the company they attack. Other types of attack are more insidious, they insert themselves in your system and send out client information without your knowledge, or copy your client information and accounting records. This information may be used by them or sold to other organizations at a later time. Records like this have a long shelf life. Your bank account numbers, credit card information, and details about your personal life are all valuable to someone who wants to use your identity. These details are referred to as Personally Identifiable Information. It includes any information that can be used to distinguish one person from another. It is information that allows someone to identify a specific individual in what would otherwise be a mass of anonymous data.
As a small business you are responsible for safeguarding client and employee information. At SaviorLabs, we are well aware of the pain small businesses go through. We get regular calls from businesses who never thought they would fall victim to cybercrime. That is why we are working together with the Enterprise Center at Salem State University to bring small businesses in the area a Free Seminar on Personally Identifiable Information. In the Seminar we will define what constitutes PII and then discuss what you, as a business owner, needs to know about what client information you can store, how it must be stored, how to protect it against cybercrime, and how to create easy to manage compliance systems to protect yourself from potential legal action should your computer or network get compromised.