Unexpected Capabilities. Unmatched Service.

5 Cybersecurity Lessons Your Small Business Can Learn from Equifax

“Big Three” credit reporting agency Equifax told America in September that it had suffered a cybersecurity breach, putting the sensitive personal and financial information of about 143 million individuals at risk. Not that anyone needed it, but the attack also served as yet another reminder of the dangers lurking for companies of all types – including (and especially) small businesses.

October is National Cybersecurity Awareness Month, so this week, we’re sharing some takeaways that small businesses can glean from the Equifax breach, as well as advice on how to protect your company.

5 Cybersecurity Lessons for Small Businesses

1. Most Small Businesses Are Underprepared: First off, most small businesses aren’t ready for a cyberattack. According to Nationwide’s 2016 Small Business Indicator survey, 54 percent of small companies had already fallen victim to a cyber attack, yet more than three-quarters – 78 percent – said they weren’t prepared for such an attack. Mark Berven, president of Nationwide Property & Casualty, said, “Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets.”

2. Patch Up: Whether it’s your corporate cybersecurity system or even your PC’s antivirus, you’ve probably been occasionally notified that you need to update your software with new patches. Failure to do precisely that is what did Equifax in, by the company’s own admission. One of the biggest aspects of cybersecurity is staying ahead of new advances in cyber threats – and failure to keep your software current can leave your systems vulnerable.

3. Danger Lurks Everywhere: Every small business should have some sort of cybersecurity plan in place, but even then, owners and employees still must be vigilant to keep the bad guys at bay. For instance, clicking on malicious links or downloading infected files from seemingly innocuous emails can end in disaster, and in some cases, disgruntled or greedy employees can even introduce hacks intentionally.

4. Don’t Tell People the Way Equifax Did: Equifax didn’t notify its customers of the cybersecurity breach until about a month after it occurred. That isn’t to say that waiting a while after an attack is necessarily wrong, but that time should be used to put together a coherent response and strategy – something Equifax didn’t do. The website launched in response was a buggy affair that left victims even more confused and even implored many to sign away their legal rights just for information about whether they were affected.

5. Create a Plan: If you don’t have a cybersecurity plan, the fallout from Equifax – the company’s shares plunged, and the CEO has been forced into retirement – should be the motivation you need to put one together. Waiting until after an incident to create a security strategy is too late. Be proactive and figure out your cyber defense and incident response plan now.

Cybersecurity breaches can exact severe financial tolls and even bury companies in some cases. Don’t let your small business – and your customers – fall victim to the next big attack. Learn from Equifax’s mistakes and improve your small business’ cybersecurity posture today.

While cybersecurity isn’t our forte, McManamon & Co. does offer a wealth of consulting services – from strategic planning to recruiting – for small businesses. Call us at 440.892.9088 or contact us online to learn more.

Tags:  , , | Posted in McManamon & Co., small business