People never think it’ll happen to them. Sure, they see the reports – 50 million-plus bundles of user data compromised by a Facebook breach; the billing information of more than 2 million T-Mobile users hacked by a mysterious malicious entity – but firms like those are massive, monolithic entities in global commerce. They’re decidedly big fish, not like you and your small practice. According to a recent JLT-Harvard Practice Analytic Services survey, more than half of small practice managers or directors remain locked into this line of magical thinking, blissfully unaware of the threat cyber crime poses to the health of their organisation.

We hate to burst the bubble of the happy-go-lucky majority, but the reality is that this optimistic attitude just does not square with the statistics. The incidents may not make the news, but small practices are being targeted – and breached – by hackers at an astounding rate. In fact, the National Cyber Security Alliance reports that close to half of small practices have experienced a cyberattack and that 60 percent of the firms that succumb to one of these attacks folds completely within six months. They state that instead of zeroing in on ASX 500 corporations, hackers actually prefer to swoop in on the little guy, with 70 percent of cybercriminals specifically targeting small practices.

Yet according to a Paychex survey, 68 percent of small practice leaders aren’t worried about cyber security despite data from Hiscox indicating that more than seven out of ten small practices are woefully unprepared for a breach.

Of course, it’s understandable that the average small practice owner shirks their cyber security responsibilities. It’s the kind of problem that’s so complicated that it’s tempting to sweep it under the rug. As breach tactics become more sophisticated, so do the software and methodologies designed to keep out criminals. In a world far removed from the days when buying a product and installing it into your network was enough, it’s easy to become overwhelmed by the complexity and breakneck pace of advancing cyber security best practices. Our biases make the possibility of a hack seem remote, while our limited resources make the cost of protection appear too high to even consider.

“The first step to getting savvy in 2019 is to accept that cyber-attack isn’t some unlikely crisis, but a virtual inevitability”

The first step to getting savvy in 2019 is to accept that cyber-attack isn’t some unlikely crisis, but a virtual inevitability. It’s a tough pill to swallow, but leaving it to chance is like flipping a coin where a “tails” outcome results in your practice shutting for good.

Luckily, though an attempted hack is almost guaranteed, there are dozens of steps you can take to prevent it from doing any damage. Chief among these should be to find a managed service provider (MSP) with a long background in protecting against hacker threats to take the reins on your cyber security as quickly as you can. It’s important when auditing your internal security measures that you regularly get an outside opinion from a trusted source, in order to cover all your bases. Your internal IT departments assurances that “they’ve got it covered” are certainly reassuring, but to truly patch all the holes in your security barriers, you’ll need more eyes on the problem. You might imagine that such a partnership must be prohibitively expensive, but they’re typically more reasonable than you might think. Not to mention that when the very survival of your practice is on the line, it just makes sense to budget accordingly.

The statistics paint a picture of small practice managers or directors as underprepared, unaware, and disturbingly vulnerable to the whims of cybercriminals hiding just out of view. Don’t be another one of the millions of small practice managers or directors forced to shell out thousands as a consequence of wishful thinking. Wake up to the dangers of 2019, arm yourself against them, and secure the future of the practice you’ve worked so hard to build.