Simon Wadsworth explores the impact of a cyber-attack on small business, and provides useful tips and advice on how to protect your company’s reputation online.
The rise of Internet technologies like social media and review sites have fundamentally changed the way we do business. Yet my experience with Igniyte has shown me that increasing reliance on electronic media makes businesses increasingly vulnerable to cyber-attacks, damaging their reputations. Every business needs to ask itself whether it is protecting itself from a cyber-attack.
Cyber-attacks are on the rise
The increasing prominence of digital technologies, coupled with growing reliance on their capabilities has caused cyber-attacks to rise throughout the past few years. A study from Price Water House Coopers (PWC) predicted that there were 42.8 million cyber-attacks in 2014; a staggering rise of 48% from the previous year.
Elsewhere Trend Micro’s annual security report suggested that cyber-attacks are becoming more sophisticated. The report also revealed that ‘point of sale’ (PoS) breaches were on the rise last year. According to Tech Week Europe Office, Staples and EBay were all hit with PoS attacks over the last 12 months – causing issues such as data loss.
Cyber-attacks impact small businesses
A report from the Ponemon Institute found that the average cost of a cyber-attack to any organisation in the US is $9 million, but this could increase to as much as $163 million. SMEs are particularly impacted – according to the report 60% of small and medium sized businesses were forced to close within six months of a cyber-breach.
As this, and Trend Micro’s report prove, there are a number of consequences for a small business when they experience an attack including revenue loss, and in some cases customer data. Which has the potential to create mistrust among customers, and potentially reputational damage.
Last year, an incident at supermarket chain Morrisons demonstrated how a cyber-attack has the potential to damage a business’ reputation. Hackers stole information relating to 100,000 Morrisons employees. The supermarket reacted by posting a message on Facebook telling employees about the breach and detailing how they were going to combat it. The post was not received well by staff, some of whom responded angrily. The story was soon all over news outlets such as the BBC.
Online technologies can damage a business’ reputation
The Morrisons example shows how online technologies such as IT systems, have the potential to threaten a business’ reputation. It is important to have a strategy in place to manage an IT issue should one arise. The use of social media, reviews, online content and press should be treated in a similar way.
Failing to monitor what is being said about your business online could result in unwanted content about your company ranking on the first page of a Google search for your company’s name. The search engine sees these sites as particularly authoritative so they’re incredibly likely to rank. Since, according to a study from Chitika, the first page of a Google search gets 92% of all search traffic, the content will be seen by a large share of any firm’s potential customer base and damage their reputation.
Three-quarters of SMEs don’t know what a cyber-insurance policy is
Further evidence shows why cyber-attacks are a serious threat to the reputation of any company, especially small businesses. While many invest in anti-virus programmes as a preventative measure, a recent report from Software Advice found that a large share of SMEs do not have cyber insurance policies. The report found that only 2% of firms with fewer than 500 employees had a cyber-insurance policy; 67% did not even know what one was.
Because cyber-crime is relatively new, a lot of SMEs are not aware of the potential risk it poses and do not feel the need to invest in an insurance policy. John Tierne, CEO at Agency network Exchange, which represents thousands of agents in the Northeast of the US, explained “small businesses are still very reluctant to sign up for the coverage and that really concerns us because some 30% of breaches occur in these small companies with fewer than 250 employees.”
Protecting from reputational damage due to a cyber-attack?
Companies should consider investing in a cyber-insurance policy to limit any reputational damage due to a cyber-attack. There are other steps businesses can take to face the reputational damage of a cyber-attack too:
- Take legal action: Cyber-attacks are also referred to as cyber-crimes. Take legal action to limit the damage the breach has reaped on your reputation.
- Remove content: If the breach has resulted in unwanted content impacting on your reputation you may be able to have it removed if the content is defamatory or unsubstantiated. The removal of content is achievable where there has been a violation of the website’s terms and conditions, the UK Defamation Act 2013 or the EC Directive for ecommerce. For example content may be removed from Facebook under its Community Standards, if someone has published personal information without consent.
- Take control of the first page: Limit the impact of a cyber-attack on your reputation by taking control of the first page of a search for your name on Google. Create digital assets (e.g. websites, social media profiles, blog accounts) and optimise them with your name so Google recognises that they are relevant to a search for your name; fill your assets with relevant, consistent content.
- Follow data protection best practices: Take preventative measures to ensure the problem does not get worse. Implement data protection best practices such as investing in an anti-virus programme and using complex passwords.
Protect your company’s reputation from a cyber-attack
If you’re putting data protection best practices into place and have invested in a cyber-insurance policy then you are already taking steps to safeguard your business from a cyber-attack. It is also important to be aware of how best to protect your business’s reputation online, and minimise any damage from a cyber-attack should one happen.
For more information on protecting your company’s reputation online contact me on tel: +44 (0) 203 542 8689 or email firstname.lastname@example.org in confidence.