It’s easy to ignore cybersecurity, especially if you run a small- to medium-sized organization. But cybersecurity risk affects everyone, and the cost of a breach can be devastating.

Here are some reasons you need to pay attention to your vulnerabilities now:

Recently, we looked at the Joe Sullivan case, in which Uber’s former CISO failed to report a major data breach, and which resulted in $148 million in fines against Uber for violating data breach disclosure laws in multiple states. If you’re responsible for technology at a similarly large company, stories like this can be nerve-wracking.

For small- and medium-sized businesses, however, it’s all too easy to shrug off the danger. Oh, that’s a terrible story, you may think, but we’re too small to do that kind of damage. This warning doesn’t apply to me.

Nothing could be further from the truth.

Whether you’re a multinational corporation or a family-run office, your organization has a legal obligation to protect both your company’s and your customers’ data.

Here are some reasons why:

  1. Companies of all sizes and industries are now being hacked regularly. Recent data breaches have occurred at the University of Windsor, the Town of Halton Hills, Northern Credit Union, and Maple Leaf Foods, to name a few.
  2. Hacking has become easy to do. The internet is full of tutorials. You can even order books to show you how. This means that hackers are everywhere and don’t need specialized training to inflict harm.
  3. The average cost of a data breach is $5.4 million.* This cost can be disastrous, especially for a small or medium-sized business (SMB).
  4. 84% of SMBs are vulnerable to spoofing.** Spoofing describes any activity a hacker uses to make you think they are a legitimate or familiar organization. For example, they may trick you into thinking they are a known brand. When you click on the link they provide, you’re exposed to bad code in their internet-facing website, web server, or web application that can inject malicious scripts and gain access to usernames, passwords, or even a database.

Indeed, the Toronto Star reported in 2021 that “A quarter of small businesses say they have already experienced a cyber attack.”

What sort of information is at risk? If you collect customer data (and chances are you do), you have a legal obligation to protect their email addresses, physical addresses, credit card information, and any other personal (or organizational) data they give you.

But hackers aren’t only interested in your customers. You also need to protect:

  1. Your organization’s IP and trade secrets
  2. Internal passwords
  3. Employees’ personal data
  4. Bank account information
  5. System administration access

… and more.

Failing to take appropriate steps now could leave you exposed to damage claims from your customers, loss of reputation, or lawsuits. To make matters worse, you could also face fines on top of remediation costs.

The good news is there are steps you can take to help protect yourself and your organization. We’ll cover these in our next post.

In the meantime, be sure to contact our team of cybersecurity experts for your questions or to learn how to get started today.

*IBM’s 2021 Cost of a Data Breach Study
**CyberCatch’s 2021 Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR)