FARGO - Many small-business owners believe they are less likely to be targeted by a cyberattack, but Lisa Jemtrud, director of the Better Business Bureau's Institute for Marketplace Ethics, said the statistics don't back that up.
In fact, 71 percent of all data breaches target small businesses.
Jemtrud shared a number of equally alarming statistics with attendees of a cybersecurity training luncheon sponsored by the Fargo Moorhead West Fargo Chamber of Commerce on Wednesday, Nov. 9, 2016, at the Holiday Inn here.
The average cost for a small business to fix a data breach is $7,100, Jemtrud said. If money was stolen, it costs an average of $32,000.
And cyberattacks are happening more and more often. The FBI has reported a 270 percent increase in cybercrimes since January of 2015.
Jemtrud and fellow panelists Jesse Van Nevel, information security officer at First International Bank & Trust, and Rick Davis, CEO and owner of Insight Technologies, urged attendees to create or refresh their company security policies and procedures.
Many don't, because they think it is overwhelming or that it will be easier to deal with an attack if one happens. Others assume their bank or their insurance will be liable for losses, but Jemtrud said it's important to know that risk before something happens.
Tips for businesses
Jemtrud offered the following action steps for improving cybersecurity:
• Review your security hygiene. Regularly update anti-virus and software programs.
• Have a backup and recovery system in place and test it yearly.
• Educate employees on how to spot phishing and spam emails. It's often said a company's biggest security threat is the person between the mouse and the chair. If trained well, they can also be the best line of defense.
• Review your data lifecycle and storage/destruction policies.
• Review the security of your website.
• Read the contracts of your current and prospective vendors and suppliers.
• Establish stronger controls around the financial areas of your business.
The panelists agreed that the greatest defense is establishing two-factor authentication system where users must provide two means of identification from separate categories of credentials. One is typically a token, such as a card or a FOB, and the other is typically memorized such as a security code.
While Wednesday's event was geared toward business owners, Jemtrud also shared information about the latest consumer scams. Most scammers have one of two objectives, she said. They're either trying to cheat people out of money or trick them into divulging personal information for the purpose of ID theft.
Popular consumer scams today include:
Tech support scams: This is when someone calls posing as a tech support or software representative and says there is a problem with your computer. They ask for a username and password in order to fix the problem remotely. Jemtrud said you should be the one doing the calling if there is a problem with your computer.
Phishing/impersonation emails: These emails often try to get victims to wire money. Always be wary of unsolicited emails.
Contest or prize sollicitations: These are often offered in exchange for taking a survey. Van Nevel said it's important to be suspicious of anything that sounds too good to be true.
"There is no such thing as free money," he said.