According to the National Cyber Security Alliance:
- As many as 50% of employees will pick up and plug in a USB drive they find on the floor or in the parking lot which, in less than 20 seconds, has the potential to steal all of your personal data
- Approximately 60% of employees are using the same password everywhere, and more than 80% of hacking-related breaches leveraged weak passwords
- About 80% of successful cyber attacks exploited already existing vulnerabilities in unpatched software and systems, which could have been prevented by patched systems and software
Any of these bad habits and vulnerabilities can be organization-upending.
One might be inclined to argue that small or mid-market businesses (SMBs) wouldn’t be targets for cyber attacks, but that couldn’t be more wrong. According to the Small Business Administration (SBA), SMBs can include businesses like CPA firms, law firms, community banks, independent insurance brokers, and financial planners. These types of small businesses usually don’t have as much budget or as many human resources to combat cyber attacks, which is the main reason the FBI says at least 50% of all cyber attacks are targeted at SMBs.
Even though the Federal Trade Commission’s (FTC) Safeguards Rule mandates that many of these organizations have a formal documented cybersecurity program in place, far too many don’t. Worse still, cyber attacks have become so effective that most organizations don’t even know they have been breached until more than six months after the attack, when they find out from a customer, the FBI, the FTC, or the IRS.
This means that organizations and the executives who lead them are risking their reputations, and opening themselves up to criminal and civil liability in some cases. By 2020, most experts agree that 50% of companies will evaluate the cybersecurity posture of prospective business partners before engaging with them.
Why continue taking unnecessary risks or the chance of missing out on new business?
Instead, make it a priority to become a cyber-vigilant organization. Becoming a cyber-vigilant organization is not about spending exorbitant amounts of money on technology systems, software, and hardware. It is a journey of ongoing attention that involves people, processes, and yes, some appropriate technology. The key, however, is to adroitly embed cyber readiness in your organization’s day-to-day operations. Organizations need to shift from being reactive to being proactive. They can do so by implementing pragmatic steps customized to their organization that promote cyber readiness and resiliency.
So, what is in it for you if you do become cyber vigilant? Cyber-vigilant organizations are five times less likely to be compromised. If they are breached, the costs involved are often three times lower than for organizations that are not cyber vigilant, thanks to being prepared ahead of time. As an added bonus, you will also avoid the possibility of wearing an orange jumpsuit.