Visit Us


The Cyber War on Small Business: NFIB Webinar Recap

The National Federation of Independent Business (NFIB) hosted a webinar on the cyber war against small businesses. Featuring Dillon Behr, the executive lines broker at Risk Placement Services, Inc., the webinar detailed how and why hackers target small businesses, what small businesses can do to prevent attacks and how they can respond to attacks. Here, we’ll recap some important highlights from the webinar.

Many small businesses do not believe hackers will target their data, so they don’t ensure they’re practicing proper cybersecurity measures and methods (only 33 percent say their technologies can detect and block most cyber attacks).

However, this is precisely why cybercriminals target small businesses, says Behr. In fact, 43 percent of cyber attacks are targeted toward small and medium businesses, and 55 percent of small businesses were cyberattacked in the past 12 months while 50 percent saw a data breach in the same timeframe.

So, where do these attacks come from?

Cyber criminals use various methods to access your data, both online and offline. This includes phishing emails, stolen or breaking through weak passwords, social engineering, technological errors and physical data breaches (stolen laptops, equipment, physical records, etc.).

While 75 percent occur from outsiders, a shocking 25 percent occur from internal sources. This can mean a few things. For one, this could be completely accidental. Perhaps someone accidentally sent an email containing sensitive data to the wrong person, or they lost a thumb drive containing sensitive information. The worst scenario is having an employee acting out of malice. However, there are ways to recover from these attacks.

The first step is to be proactive.

Think to yourself: “How well are we protecting our sensitive data? How often do we check to make sure our cybersecurity efforts are up-to-date?” Behr says the biggest mistake small business make is not installing premium software right away and not updating it often.

Small business should also enable two-factor authorization for all employees. For example, your employee will receive a text asking for a code to verify it’s them trying to access the information. Behr also recommends you perform regular backups of company data as well as installing antivirus software.

However, one of the biggest ways hackers get access to data is through stolen or weak passwords. The Verizon 2017 Data Breach Investigations Report shows that 81 percent of hacking-related breaches occurred because the criminals leveraged these stolen or weak passwords.

Ensure your employees use strong passwords and regularly update them (every 60-90 days). According to Behr, a good password should:

  • Be at least 8-characters long;
  • Have a combination of upper and lower case letters;
  • Include numbers and special characters;
  • Have no consecutive numbers or letter;
  • And be something you couldn’t find in the dictionary.

“The best password is the most random and easiest one to forget,” Behr says.

How to handle an attack

No matter the size of your business, a cyber attack is inevitable.

“Everyone is being targeted all of the time, and eventually, you’re going to have a data breach,” Behr says. “So, we want to make sure we’re going out there and being prepared.”

Handling an attack also requires some preemptive steps:

  1. Identify all the data you have and where it’s held as well as the risks involved if this data were to be accessed by a nefarious source.
  1. Assess how you’re protecting this data and if you need to upgrade your efforts.
  1. Create a detection process that you test at least once a year (although Behr suggests testing it once every six months). This way you can see how well your cybersecurity methods are at protecting your data and update accordingly.
  1. Plan a response. Do you have a plan for what happens if you suspect a data breach? Or a plan if your data is in fact breached?
  1. Plan a recovery. How will you recover from a breach? How will you win back your customers’ trust and repair your reputation?

How much an attack costs

Attacks can be extremely damaging to your business. The average cost to fixing these attacks is roughly $880K, with normal operations losing an average of roughly $955K. This can potentially sink your business!

Behr suggests that along with preemptive measure, small businesses should invest in cyber liability insurance. Fortunately, NFIB offers access to cyber insurance with competitive pricing and coverage limits ranging from $250K to $2 million.

While you can add endorsements or extensions that offer protection from breaches to a general liability policy, Behr says these are usually small and may not cover all the costs incurred after an attack. However, the coverage that is accessible through NFIB is specifically designed to address data breaches – at or around the same cost as one of these endorsements or extensions.

Small businesses are at more risk for cyber attacks than they think. To learn even more details and hear more suggestions from Behr, you can watch the webinar here.

Want to learn more about the Kabbage process? Check out these helpful links:

To receive more small business resources, sign up for our newsletter!

Kabbage Team

Kabbage is here not only to provide access to the small business funding you need, but to also help you grow your business through free marketing tips, webinars, tools and more. Is there something you'd like us to cover or want to get your small business featured on our blog? Send us a note at