As the business world evolves, technology is taking a much larger role in the business owner’s daily life. In many ways, this has created incredible opportunities for growth and innovation. But very few things in life come without a downside. With the conveniences and capabilities that technology brings, come new threats. It seems that data breaches have become a regular occurrence. This causes lots of undue stress and can lead to thousands (if not hundreds of thousands) of dollars in expenses, as well as lost trust from your clients. That’s why cybersecurity has become an absolute necessity for business owners. I recently sat down with an industry leader to discuss this topic and now, I’m going to share what I’ve learned about cybersecurity for small business owners.
Follow Along With The Financially Simple Podcast!
TIME INDEX:
Before going too deep, I wanted to get a clear handle on what cybersecurity really is. That’s why I turned to my friend, Jonathan Addington, founder of JM Addington Technology Solutions. Jonathan’s company specializes in business cybersecurity and right now, they’re offering a free cybersecurity assessment to Financially Simple readers/listeners. So, once you’re finished here, be sure to take advantage of this great deal! Additionally, if you’re interested in connecting with Jonathan, you can find him on his LinkedIn profile.
Now that that’s out of the way, let’s dig into the meat of our topic. There’s still a bit of mystique surrounding cybersecurity. If you’ve watched any of the Hollywood spy thrillers that have been released in the last 20 years or so, you likely associate cybersecurity with international espionage, hackers, or even a computer simulation of the real world created by sentient machines. However, when it comes to cybersecurity for small business owners, Jonathan had a much more down-to-earth definition. According to Jonathan, small business cybersecurity is simply about risk management.
Much like the world of financial planning, cybersecurity is about assessing individual risk and partnering with an expert to create plans and strategies to mitigate that risk. Companies like Jonathan’s work to fortify the entryways that hackers and cyber-criminals use to attack your business. Basically, they create stop blocks on your website, office computer systems, smart devices, and any other connected electronic devices your business uses.
Now you know what cybersecurity really is. But what’s the big deal? Why would a small business owner need to implement cybersecurity in their risk management plans? Well, to help answer that question, Jonathan shared a cautionary tale from June of 2021. His firm was in the process of onboarding a new client. This client is a local business that does around $2-3MM per year in revenues and they’d never employed the services of a cybersecurity firm before.
As Jonathan and his team were going through the onboarding process, they discovered that someone was already in their system. This person had infiltrated their email, their calendars, and was just moments away from initiating a $400K wire transfer. Now, you might think there are insurance policies to protect you and your organization. However, you must really review your policies to make sure. You see, in this particular case, I would have thought that this would be a simple Errors & Omissions (the financial world’s version of malpractice) claim. Jonathan quickly informed me that this is not a valid E&O claim because the company could be held liable for a lack of due diligence.
Because they had not put measures in place to prevent this attack from happening, the insurance company is within its rights to deny payment. Even cybersecurity insurance policies have become much less forgiving to those with no controls in place. The scary part of this is that most small businesses are operating without the proper controls in place to protect themselves and their clients. As a result, many small businesses are susceptible to cybercrime and have little to no recourse for recouping their losses.
I’m sure that you don’t want to find yourself in a position like the company that was moments away from a $400K attack. I mean, talk about business disruption. But how do you deal with cybersecurity issues in your own business? Well, for starters, you need to partner with someone. Cybersecurity is a highly specialized field with even greater subsets of specialization within its own ranks. If you’re handling cybersecurity on your own, you’re not handling cybersecurity.
Next, you must perceive the risks. I’m not saying you need to know what Next Generation Anti-Virus (NGAV) or Endpoint Detection & Response (EDR) is. But whoever you’ve partnered with should be able to explain the business impact of each risk to you. Because you’re a business owner, you think like a business owner. The bad guys don’t always think or act in ways that you might expect them to. Creating a dummy website is a simple and effective way for them to gain access to your client’s account information. In fact, Jonathan showed this tactic to a business owner. In only a few minutes, he had created a dummy site and email. It was so good that even the business owner didn’t know they weren’t his until Jonathan told him. So, you must understand the risks.
Finally, you must create a plan. With an expert in your corner and an understanding of the risks you and your business face, you can create a plan to mitigate them. After drafting your plan, you really should test it. You don’t want to fall into a false sense of security or grow complacent here. A plan does you no good if it turns out to be a bad plan.
Friends, I’m a business owner just like you. When I hear these stories, my mind begins spinning. I’m thinking of how much a single attack would set the value of my business back. The long-term damage seems to be almost incalculable. I’m sure that some of you have already started down this rabbit hole, as well. But Jonathan brought up a good point. He said if he were to give me, a CFP®, his portfolio to manage, even in a bull market, he’s not going to think that his accounts are just going to zero.
Instead, he trusts that with my expertise and experience, I’m going to be able to navigate even a struggling market to help him get his portfolio where he wants it to go. That only happens when we have a plan. The same is true with cybersecurity for small business owners. Sure, bad things can happen. But, if you have a plan in place, you stand a much better chance of either avoiding them or mitigating the damage they could cause to your business.
When you’re working with a partner in cybersecurity, you have the advantage of being able to make a plan and test it. Think of your favorite football team. They aren’t running the plays you see on tv for the first time on game day. Instead, they practice, running the same play over and over again until they get it just right. That’s what you’re doing when you test your plans with your cybersecurity partner. You run through the plan to see if there are any holes. If there are, you adjust and retest until you’re able to stop most threats from reaching you or your business.
Friends, one of the scariest parts of owning a business is that you don’t know what you don’t know. I’ll admit, there is a lot to do with cybersecurity that I just don’t know about. Chances are, you could say the same about yourself. However, protecting yourself, your business, and your clientele from digital threats is an absolute necessity. Partnering with a cybersecurity firm isn’t as costly as you might think, either. Of course, the pricing will depend on your individual needs but you’ll generally spend between $175 and $300 per user per month. So, for a 10 person firm, you’re looking at around $3,000 per month.
That will help protect you from $400K wire transfers, dummy sites, ransomware, phishing scams, etc. Additionally, you’ll have a partner who is helping you identify problem areas and developing and testing plans to mitigate the risks you face. In my mind, that’s money well spent. I will always choose to have peace of mind when it comes to my business and our clients.
Look, I know life is hard. Every day, we face new challenges. But life is good. Dealing with cybersecurity for your small business can be frustrating when you don’t know how to address it. But partnering with a great firm can help make cybersecurity at least financially simple.
If you have further questions about how to implement cybersecurity plans or anything business-related, reach out to us! The Financially Simple team strives to help you grow your business to be the best it can be.