In the podcasts that I have with various guests, one of the common themes that comes out is what an individual or business can do to protect themselves and reduce the chances of being hit by a Cyberattack. As I have written before, keep in mind that we are all at risk, no matter how many security-related measures you take.
Heck, for that matter, even Fort Knox is at risk. But the key is in how to decrease the odds of being hit, and if you are impacted, how proactive you remain in containing the threat before it gets any worse.
All of the answers have varied to some degree, but all of my guests have agreed with me on the above-mentioned point. But when evaluating what you need to do to contain the threat, especially if you are a business owner, you also need to take stock of the long-term impacts if you are hit.
Sure, the first thing on your mind is to get your business back up and running to some baseline level ASAP, and resume normal operations from there, but have you ever given thought as to how your corporate brand or image might be impacted? Or also, how will your customers feel knowing that their Personally Identifiable Information (PII) has been compromised?
This is a profoundly serious issue that cannot be taken lightly. This hypothesis has been further substantiated by a recent market research study that was conducted by a Cybersecurity firm known as Arcserve. In this project, over 2,000 consumers were polled across the United States, the United Kingdom, France, and Germany.
Their final report is entitled “Ransomware’s Stunning Impact on Consumer Loyalty and Purchasing Behavior”, and it can be downloaded from this link:
Here are some of the key findings of their survey:
*An overwhelming 59% of respondents would stop doing business with an organization if they were hit by a Cyberattack, no matter how large or small it might be;
*The level of forgiveness is also quite low – 45% of them clearly stated that they would still not do business with a particular company that was hit even three years prior;
*40% of them even stated that they will not conduct commerce-based transactions with a business simply because they are too afraid of having their PII compromised or hijacked;
*Over 46% of the respondents said they would stop business immediately with a company after just one security breach;
*If a business were to be impacted by a Cyberattack, 37% of the respondents mentioned that they would quit being a customer if operations were not restored within 24 hours, and 41% said they would literally walk away if operations were not back up and running within 48-72 hours;
*Worse yet, well over 45% of them said that they would write an extremely negative review about the company if their PII was compromised in any way;
*43% of them claimed that they would be more apt to do business with a company that takes a proactive approach, especially when it comes to protecting their PII.
My Thoughts On This
Yes, these responses are truly startling, and it all comes back to the first point: taking those extra steps to further mitigate the statistical odds that you will be impacted. Once again, we are all at risk, so it is especially important that you, the business owner, get away from the common mentality that if it has not happened to you yet, it will never happen. The moment that you start thinking this, YOU WILL BE HIT!!!!
There is a whole laundry list out there as to what you can do to be proactive, and I am not going to rehash the same thing here. You can do a Google search, and you can get all kinds of lists out there. But there is one thing that I will say to this effect:
Seriously think of migrating your entire IT and Network infrastructure to the Cloud. By this, do not just simply go to any Cloud provider; use something very trustworthy and reliable, such as AWS or Azure.
You can open up free accounts on both platforms and experiment around. Your mouth will literally drop once you see all that is available out there (mine did, and still continues to do so). You can create everything from Virtual Servers to Virtual Workstations that your employees can access securely from anywhere they may be, at any time.
By using AWS or Azure, your chances of being able to come back up very quickly (if you are impacted by a Cyberattack) are much greater than if you have an On-Premises IT/Network infrastructure. Ok, so enough of that.
Now, on the other side of things, these findings simply underscore the fact that having the appropriate Incident Response (IR)/Disaster Recovery (DR)/Business Continuity (BC) plans is a must. But not only that, you must practice them at least semiannually, and update them with the lessons that have been learned.
By doing this, you should be able to restore mission critical operations within a 24-hour time period, as this is viewed as a critical factor by consumers, based upon the survey.
Another key point to be made here is that if you are impacted, once those mission critical operations have been restored, you need to communicate immediately with the key stakeholders of your company, most especially your customers, as to what happened and what is actually being done to protect the PII records and to contain the damage that has already been done.
In this regard, do not rely on snail mail, as it will take too long, or even Email, as chances are that it will get deleted and/or hit the Spam folder, never to be seen.
Probably the best way is to reach out to customers directly on the phone, as this will resonate much better, because it shows that you are taking that extra step to resolve any fears and concerns. In this aspect, do not rely upon some automated phone service to do this; YOU need to take the initiative to do this yourself, or if your company is large enough, have your communications team do this for you instead.
Also, by doing this, the odds are lower that a customer will leave a negative review online after your company has been impacted by a security breach. Remember, you can spend all of your time and money on Google ads and getting high rankings, but this means squat if just one customer leaves a negative review.
Always be transparent about the proactive security measures that you are taking, and let your customers and prospects know about this. Of course, do not tell them exactly what you are doing, just give them the high-level overview so that they will be appreciative of what you are doing.
After all, a fair chunk of the respondents did say that they would be more likely to do business with a company that has taken a proactive approach to protecting their PII.
In the end, it is especially important to think long term about the repercussions if you are hit. Being the business owner, think as far out as you can, at least one year or longer. As it has been stated so many times in this blog, we are all at risk.
But if you can prove that at least you have been proactive with everything, then the chances of losing customers and prospects are much lower. It all comes down to three solid things:
*Having rock solid IR/DR/BC Plans;
*Having a seamless communications process (with both your employees and stakeholders, especially your customers);
*Using a Cloud-based platform like Azure or AWS.
Finally, it can take years to gain a customer, but just seconds to lose one if they leave a negative online review about your company. Act now to reduce this risk!!!