Women business owners know the Internet is integral to their success, but many worry about potential cyber-attacks, according to a survey from insurance company The Travelers Companies.
While the reasons for the uncertainty vary, one thing is for sure, small businesses that don’t have the proper protections in place could take an irrecoverable hit.
“Data security is crucial to all businesses,” says Nim Traeger, vice president of risk control at Travelers. “A typical business will have all kinds of data, some of it more valuable and sensitive than others. All the data can have some value to the cyber-criminal and pose harm to the small business owner if lost or corrupted.”
According to data collected at the National Association of Women Business Owners' (NAWBO) conference, 65% of business owners expressed uncertainty about their Internet protections. And contrary to many expectations, Travelers says 40% of cyber-attacks are targeted at organizations with less than 500 employees. Traeger says business owners need to consider that the costs they can incur due to an attack have less to do with the size of the breach then figuring out the cause of it. Many times companies will hire computer forensic firms, which don’t charge by size of the business but how complex the attack was.
“Forensic costs aren’t smaller just because the company is smaller,” says Traeger. Smaller business may also face more costs than bigger businesses if they are attacked because typically they don’t have the internal infrastructure and resources to reduce the impact of the event.
According to Traeger, there are steps business owners can take to mitigate the risks from cyber threats. She says the business owner first has to identify all critical information and then analyze any threats to that information. The analysis should include evaluating any vulnerabilities that would enable a cyber-attack and developing measures to prevent and reduce damage in the event the business falls prey to an attack.
“Develop the plan, implement it and communicate it to leadership and employees so they know their role and responsibilities,” says Traeger. “Test the plan periodically and revise as necessary.” What’s more, Traeger says women business owners shouldn’t take their current insurance for granted when it comes to covering cyber losses. She says business owners should meet with their insurance agent to evaluate the risk and coverage they need. Cyber risk, says Traeger, shouldn’t be something that’s ignored.
Internet concerns aren’t the only thing keeping business owners up at night. The survey also found that more than 42% of women business owners said they weren’t confident they had enough insurance coverage, and more than 50% either don’t have or don’t know if they have a business continuity plan or disaster recovery plan on the books.
In the case of the business continuity and disaster recovery plan, Traeger says not having one can have a “devastating effect” and leaves the business owner without a plan to deal with threats to operations, employees and customers if something unexpected happens.
“Business owners need to consider the fact that, even if they are adequately insured, early prevention is also key to a business’ survival after a disruption,” says Traeger. The importance of a continuity plan can be underscored by the misery hurricane Sandy has extracted on the east coast. Not having a plan will only delay the time it takes to get back up and running.
So how should female business owners go about creating continuity and disaster recovery plan? According to Traeger, an effective one consists of these five steps: conduct a threat assessment; identify and review important business functions; perform a business impact analysis; develop a prevention and mitigation strategy; and implement and maintain the plan.
“Taking the proper risk management steps early on in a business lifecycle as well as obtaining the proper insurance coverage is vital to ensuring that the business’ bottom line is protected,” says Traeger.