High-profile data breaches have become common in the headlines, but it’s not just big businesses that are the targets of hackers. According to the 2018 Hiscox Small Business Cyber Risk Report, 47% of small businesses had at least one cyber attack in the past year. Yet, barely 52% of small businesses have a clearly defined strategy for cybersecurity. Even more alarming is the fact that 65% of small businesses failed to act after experiencing a cybersecurity incident.
Cyberattacks are costly. The Ponemon Institute reported that average costs in 2017 related to a malware attack on small and medium-sized businesses were $1.03 million due to damage or theft of IT assets, and $1.21 million due to disruption of business operations.
The good news is that free resources are available to small and medium-sized businesses to beef up their cybersecurity. The Global Cybersecurity Alliance (GCA), a non-profit organization backed by the New York City District Attorney’s Office and the City of London Police, recently released a free cybersecurity toolkit. The toolkit is great for business owners who want to reduce common cyber risks.
The GCA Cybersecurity Toolkit is built around the Center for Internet Security Controls framework. GCA claims that addressing just the first five CIS Controls can reduce the risk of cyberattack by 85%. Geared toward a nontechnical audience, the GCA Cybersecurity Toolkit takes users through six “toolboxes,” each one designed to address an aspect of cybersecurity:
- Know what you have – take inventory of hardware and software
- Update your defenses – updating systems, applications, and security settings, and securing your website
- Beyond simple passwords –selecting strong passwords and implementing two-factor authorization
- Prevent phishing and viruses – preventing malware and phishing attacks
- Defend against ransomware – using backup tools to guard against ransomware infection
- Protect your brand – preventing others from spoofing your brand name and email addresses
If you’re a business owner looking for a user-friendly way to begin building a cybersecurity program, the GCA Cybersecurity Toolkit is a good starting point.