With companies becoming more and more reliant on connected technologies, it’s no surprise cyberattacks are on the rise. Although many entrepreneurs are aware of the increase in cybercrime, what they’re not aware of is the cost associated with recovering from an attack, putting them in a vulnerable position financially. Startups, which are less likely to have generated significant capital, or have the cash reserves or resources to deal with the fallout of a data breach, are particularly at risk should the worst happen.
The number of internet-only startups is growing, but it’s not just businesses operating exclusively online that are being targeted. Any startup company using email, connected devices or a website is a potential victim. Something as simple as clicking a link in an email, losing a smartphone or using an unsecured public Wi-Fi can result in a data breach.
“It will never happen to us”
A recent survey revealed that 57 percent of SMB owners think it’s unlikely they will be targeted by cyber criminals, yet research shows attacks on small businesses have increased. Part of the reason for this is that compared to larger enterprises, smaller companies often have less stringent security measures in place, making them an easier, more attractive target.
The average cost for small and medium sized businesses to recover from a cyberattack is estimated to be $120,000.
However, most do not have that kind of money put aside to get back on track. In the event of a cyberattack, your startup may need to find the money for:
- Replacement hardware and software
- Recouping lost earnings
- Hiring an IT security expert
- Legal fees, should a customer sue if their data is compromised
- Additional staff to provide support to customers
- Reputation management
- Fines, if operating in a regulated industry
- Hiring a lawyer to help deal with all of the above
With so many aspects to consider when managing recovery after a cyberattack, would your startup be able to cope?
Related: Why Investors (and You) Need to Care About Cybersecurity
Protecting your business from a cyberattack
While it’s impossible to prevent a cyberattack, there are measures you can put in place to reduce the risk, as well as offer protection if you are hacked.
Keeping up to date with the latest developments in cybersecurity helps uncover any vulnerabilities in your startup’s setup, and highlights what needs to be put in place to protect your data. If you employ staff, make sure they are trained and know what to look out for, too.
Make it as difficult as possible for hackers to access your sensitive data by installing anti-virus software, and check that the latest software and browser versions are being used. When browsing the internet, be careful about which sites you visit to reduce the risk of being exposed to Malware. Don’t open, reply to, or click a link in an email until you have confirmed it has been sent from a legitimate source.
When out and about, be wary of accessing public Wi-Fi. Hackers can use it as a gateway to intercept communications between your device and the network through a number of methods. Encrypting sensitive data, using verification methods (such as two-factor authentication) and using hard to guess passwords are also important.
Extra peace of mind
With technical considerations taken care of, cyber insurance is the final piece of the puzzle you need to protect your startup. Cyber liability insurance doesn’t just cover the time and money you need to invest to cope with a cyberattack; it also helps get your business back on its feet. This type of policy is often overlooked, as only 9 percent of small business owners have a cyber liability policy in place to deal with the impact of an attack, despite there being so much at stake.
Sign Up: Receive the StartupNation newsletter!
What to do if your startup is a victim of a cyberattack
No matter how well prepared you are, even the smallest vulnerability can be exploited by cybercriminals. In the event of an attack, here’s what you need to do:
- Investigate how the breach occurred
- Execute your contingency plan
- Contact an IT firm
- Contact your insurer
- Restore systems and data
- Tell customers and regulators
- Make sure you can still conduct business
- Hire a PR firm
- Contact local law enforcement
Starting a new venture is tough. Don’t jeopardize all of your hard work by taking a “fingers crossed” approach to cybersecurity.
