I know you think this headline is over the top and that I’m exaggerating. The facts, however, don’t lie: sixty percent of small businesses that suffer a cyber attack are closed within 6 months of the attack taking place.
So how and why does this happen?
Most leaders of small to medium firms buy into a number of misconceptions about themselves and their firms being a target.
One of those misconceptions is that their firm is too small to be a target. This makes them easy prey, because they tend to put zero protections in place, or grossly inadequate ones.
Another common misconception is that you have competent IT people or protections in place. Naturally, not all protections are created equal, and most are not up to the task against the advanced attacks we’re seeing today.
Further, to truly prevent damage from occurring, your systems must be monitored for cyber security threats by a security operations centre 24x7x365, with a response taken immediately. Most outsourced IT companies don’t offer this service and most internal IT teams have a limited number of resources.
Obviously, you’ll burn out your internal IT team if you expect them to watch your systems round the clock. The only way this is sustainable is if you have the budget to employ enough of them on rotating shifts. Naturally, this is not a cheap exercise. Alternatively, you can work with an outsourced IT provider to co-manage your IT and security needs.
What could you realistically expect when you fall victim?
Fact is, even one event could set off a chain of dominoes in the form of disruptions, costs and damages to your firm that could last months or years. Worse, you may never recover and simply be forced to close your doors. Here’s hoping you never have to endure the costly and time-consuming clean-up of a cyber attack. Here are the dominoes you can expect to fall.
A Mountain of Costs. Just one breach or ransomware attack can create untold hours of extra work for your entire team. Then there’s business interruption, downtime and backlogged work delivery for your current clients. Because your attention is diverted, productivity suffers, and it’s not uncommon to see your revenue numbers plummet for weeks or months.
Then there are the costs associated with the hack. First, there are forensics costs to work out what kind of hack occurred, which parts of the network or your IT systems were affected, and what data was compromised. Second, you can expect to pay emergency IT restoration costs to get back up and running. You may have to source brand new hardware for every member of your team, or rebuild your entire on-premises or public cloud environment from scratch while the forensics take place.
Third, if you suffer a ransomware attack, you’ll have to fork out the ransom to stop the criminals from publicly releasing your clients’ extremely sensitive personal information for anyone to find. The average ransom demand in 2021 is US $850,000. Do you have this money sitting spare to pay the ransom? Could you also afford to pay out such a large sum in one hit?
Next come the government fines and lawsuits. In Australia, if your firm is turning over 3 million dollars or more, you have to inform your clients of the breach. If the breach involves tax file numbers, then it doesn’t matter what your revenue is. Naturally, if the Office of the Australian Information Commissioner is unhappy with your efforts and explanations, they have the power to fine you up to 2.1 million dollars.
Finally, nobody likes delivering news that will negatively affect their firm, but it must be done. Once your customers or clients are aware their private information was compromised, you can expect some pretty harsh responses. Statistics show 70% of consumers in Australia will look elsewhere to another supplier after a security breach, and 67% of those aged 18-24 years old revealed they would take brands that suffered a data breach to court.
While a data breach that exposes your customers’ or clients’ highly sensitive personal information is bad, covering it up or simply pretending it never occurred could be the death of your firm. Customers or clients may forgive a mistake. They certainly won’t forgive lying. And when word gets around that you cared more about protecting your profits than protecting your customers or clients, it will take years to undo that damage.
As Warren Buffett famously said, “It takes about 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”
So, how do you avoid the devastation to your legacy, reputation and livelihood?
Obviously, you want to work with an IT services or IT support company with extensive cyber security experience that implements ongoing cyber security services to monitor the security of your professional services firm’s IT systems 24x7x365.
There must be a multi-layered security approach across all your IT systems, whether in-house, in the cloud or a hybrid of the two. The services must have guaranteed response times, and you must know how long the data is going to be retained for.
You have no control over your clients’ cyber security controls and mechanisms, which is why you must have ongoing 24x7x365 external security monitoring of your systems. This then allows us to detect when something has happened, even if a cyber criminal or hacker has tried to delete, or succeeded in deleting, the evidence of it occurring from your systems.
You also want to view your IT and cyber security protections and overall technology platform as an investment in your professional services firm. One thing you may not be aware of is that an investment in your professional services firm can produce a return of 100% to 200%. An excellent return on investment in the stock market is between 6% and 8% per annum. Naturally, the investment in your professional services firm is the winning strategy. As a professional services partner or director, you must learn to think, make decisions and act as an INVESTOR if you truly want to get ahead, understanding the value of time. Especially your own.
Combine robust IT and cyber security solutions and secure the future of your professional services firm today.
Want to learn more? Go to https://www.myinfotechpartner.com.au/pylvideo/ and sign up for my FREE 17-minute educational micro-training that dives deeper into protecting your legacy, reputation and livelihood.