In his book The Road Less Stupid, Keith Cunningham makes this valuable observation about succeeding in business: “I don’t need to do more smart things. I just need to do fewer dumb things.”

When it comes to cyber security, I see a lot of dumb decisions made by smart people. Usually, it is based on gross ignorance about what can happen. Or maybe they want to stick their head in the sand. This way they can avoid having to spend the money and time to protect their assets.

My Business is Too Small to Get Hacked

One of the biggest mistakes is thinking you won’t get hacked because you’re too small. Another is thinking you “don’t have anything the hackers would want.” Allow me to point out that you’re not too small to get hacked. However, you are too small to make headline news. Millions of small businesses get hacked every year – they simply don’t talk about it because of the potential liability, bad PR and loss of client and marketplace trust. They’re embarrassed.

Further, you’re right – hackers, for the most part, don’t want your stuff. That is unless you happen to have medical records, credit cards, social security numbers, etc. Those are very valuable digital assets that can be sold on the dark-web marketplace – and cyber criminals are in it for the money. But more to the point, YOU want your stuff. Hackers will kidnap your information and hold it for a ransom to extort money from you. Kidnappers don’t steal a child because they want to start a family. They steal your children because YOU want your children and they know you’ll pay anything to get them back, safe and sound.

So it goes with ransomware. When all of your work files and emails go away, very few businesses can pick up from ground zero and keep operating without any losses. Perhaps the solo operator working from home, but certainly not a small business that has been operating for several years with multiple clients and employees producing work for clients.

I’ll Just Get Cyber Insurance

Another excuse I hear for not implementing cyber protections is, “Since I’m going to get hacked anyway, why bother spending so much money on cyber security? I’ll just get an insurance policy, back up my data and take the hit.”

While that might sound logical, here’s why it’s a stupid plan…

Insurance companies are in business to make money, NOT pay out policy claims. A few years ago, cyber insurance carriers were keeping 70% of premiums as profit and only paying out 30% in claims. Fast-forward to today, and those figures are turned upside down. As a result, carriers have drastically changed how cyber liability insurance is acquired and coverages paid. In fact, the CEO of Zurich Insurance Group recently predicted that cyber-attacks could become uninsurable.

Today, getting even a basic cyber liability policy requires you to prove you have certain security measures in place. These typically include multifactor authentication, password management, endpoint protection and tested and proven data backup solutions. These carriers also want to see phishing training and cyber security awareness training in place. Some will want to see a WISP, or written information security program or a business continuity plan from your organization. Depending on the carrier, your specific situation and the coverage you’re seeking, the list can be longer. Click here for an example.

Protect Your Business From Hackers

Hackers are onto your backup plan. So they create ransomware attacks to not only take your data but also corrupt your backup. They will also threaten that if you don’t pay, they’ll release your files online for all to see, including payroll information, ALL email communications, client contracts and more. Do you really want your confidential information in the hands of competitors and the general public? Insurance won’t cover that.

Bottom line: having cyber-protections in place cannot guarantee you will never get hacked. However, it CAN dramatically prevent the damage done and absolutely will block the majority of attempts, preventing you from being low-hanging fruit.

Wearing a seat belt, having a safe car and practicing good driving behaviors won’t guarantee you’ll never be in a car wreck – but if you do those things, the risk of getting into crash go down dramatically AND your chances of coming out alive and unharmed will obviously increase.

Want a FREE, confidential assessment of your current cyber security status? Click here to schedule a quick 15-minute call to see if you could benefit from a more robust cyber security plan.