Are You at Risk? Use Our Cybersecurity Checklist

By Scott Dawson
May 27, 2022

Today’s cyber threats can impact any company, regardless of size or industry. But did you know that 43% of cyber-attacks are aimed at small businesses, according to Accenture’s Cost of Cybercrime Study? On top of that, only 14% of those businesses are prepared to defend themselves.

Small businesses often lack the cybersecurity resources and expertise of larger companies. This makes them easy targets for hackers. As cybercriminals discover new ways to extort and defraud small businesses, the threats continue to evolve and expand.

We’re no longer dealing with lone hackers in basements. According to the FBI’s Internet Crime Report, cybercrime has become a multi-billion dollar industry—and that industry keeps growing.

The risk doesn’t only come from actual cyberattacks. Companies also face the risk of compliance failure, lost customer trust, and missed contract opportunities.

How Much Importance Should You Place on Cybersecurity?

Many business owners are not sure how much importance to place on cyber protections. You can use this checklist to better understand how cyber risks might affect your business. Consider the following questions:

      • Do you handle any critical or sensitive information, such as trade secrets, customer data, research, company financial information, or personally identifiable information?
      • Do your customers ever ask about your company’s cybersecurity practices or include them in vendor surveys?
      • Are you required to meet any laws, regulations, or standards related to cybersecurity (e.g. PCI, DFARS/CMMC, HIPAA, GDPR, or others)?
      • Have you been turned down by an insurance company for a cyber policy?
      • Do you have employees working at home using their home networks and/or personal devices?
      • Have you faced a cyberattack in the past year, such as ransomware, a computer virus, a denial-of-service (DoS) attack, identity theft, or a breach?

If the answer to any of the above is “yes,” you have a compelling need for cybersecurity. Failure to comply with cybersecurity regulations can result in lost contracts and costly fines. The rise of telework also increases the need for cybersecurity: the more devices and networks your company uses, the higher the risk.

Now consider the following questions:

      • Do you have an ongoing employee training program for cybersecurity practices?
      • Do you have a recovery plan to respond to cybersecurity incidents?
      • Do you regularly monitor executive-level reports or metrics regarding your company’s cybersecurity and cyber-related incidents?
      • Do you maintain a list of the top cybersecurity risks faced by your company, and do you have plans to address them?
      • Do you regularly conduct internal or 3rd-party audits, scans, or assessments of your cybersecurity?
      • Do you regularly test your employees’ ability to spot dangerous emails, such as phishing scams?

If the answer to any of the above is “no,” you likely have gaps in your cybersecurity practices. Most cyber breaches result from basic human error. This makes employee training a top priority. Without ongoing monitoring, updates, and backups, you leave your technologies open to attack.

Review your responses to the checklist questions above. If you find that you have a compelling need for cybersecurity, but you also have gaps in your cybersecurity practices, then your company is at high risk of cyberattacks.

What Cyberattacks Target Small Businesses?

Cyberattacks can disrupt your normal operations, damage your customer relationships, and worse. According to the Ponemon Institute’s State of Cybersecurity Report, the most common types of attacks on small businesses include:

      • Phishing/Social Engineering: 57%
        These attacks exploit human error to trick employees into giving up sensitive information or clicking bad links. Email security services can scan messages for harmful content, but when it comes to phishing scams, technology only goes so far. Ultimately, you need training to equip your team.
      • Compromised/Stolen Devices: 33%
        Many attacks result from breached devices, whether digitally hacked or physically stolen. This drives home the need for strong passwords and proper encryption.
      • Credential Theft: 30%
        Stolen credentials give hackers an easy way into your systems. It’s especially important to delete unused credentials from your system to cut down on possible infiltration points.

How Core Can Help

Core Business Solutions stands ready to help. We offer audits and scans to measure your business against national and industry cybersecurity standards. We’ll help you ascertain your security posture and find gaps. With that information, we can help you build a simple and effective remediation plan. We can even offer training, expert support, and security technologies to fill the gaps in your security.

Contact us today to learn how we can help your business achieve cybersecurity industry standards.

 
