If you think your law firm is too small for cybercriminals to target, think again. In fact, your size might make you an even more tempting prize. In this guest post, cybersecurity expert Craig Petronella explains why.
By Craig Petronella (reprinted with permission)
The past two years have handed small and medium-sized businesses a whole host of problems, such as supply chain issues, recruiting woes, and staff retention difficulties. Unfortunately, while dealing with these urgent challenges, the vast majority of those companies have been failing to prepare for a threat that’s been grabbing headlines with increasing frequency at the same time.
That’s right—I’m talking about cybersecurity. Even with ransomware, malware, and data breaches constantly in the news, too many small businesses don’t have the cybersecurity protections they need to safeguard themselves and their customers.
According to a March 2022 survey from Digital.com, 51 percent of small businesses don’t have cybersecurity measures in place. Of those who haven’t taken steps to make it harder for malicious actors to access their systems, 59 percent said it was because their business was “too small” to be a target. That’s a dangerous misconception you can’t afford to believe.
Do you know the difference between old-school ethics and cybersecurity ethics? If not, join us on June 29 for the free CLE webinar “Cybersecurity Ethics: Safeguarding Client Data in Today’s Emerging Hybrid Practice.” You’ll receive an insider’s tour of the American Bar Association’s annual TechReport, which covers everything from spearphishing to spam filters, and you’ll learn how small firms are using technology to stay safe, successful and competitive. “Cybersecurity Ethics” features attorney David G. Ries, a contributing author of the 2021 TechReport and a long-time expert in law office cybersecurity. Ries will draw on his cyber expertise and drill down into the TechReport to extract valuable pointers for your practice. You’ll discover the 10 Basic Cyber Safeguards and 3 Bad Cybersecurity Practices to avoid at all costs, as well as four ABA ethics opinions that could save your law license. Join us on June 29. Register here.
Cyber Threats and Small Business
On top of the 51 percent of owners who said they didn’t have cybersecurity measures in place, another seven percent of those surveyed said they weren’t sure about the state of cybersecurity at their companies. (Hint: If you have to wonder if you have adequate cybersecurity, you don’t.)
Anyone in that segment almost certainly isn’t prepared to fend off or recover from a cyberattack.) Only 42 percent of the owners polled said their companies currently had some form of cybersecurity.
At the same time, 1 in 5 small online businesses surveyed had been the victim of a cyberattack. The 36 percent of survey respondents who said they were “not at all concerned” that their company might be the victim of a hack or ransomware scheme are fooling themselves—the time to prepare your small business against cyber threats is now, before you become part of the growing segment of companies who have suffered the costs of being complacent.
The Danger to Small Business
A smaller enterprise might think that because they’re not a big company with a huge balance sheet or a vast trove of sensitive information, hackers aren’t going to think it’s worth their while to go after them. But what hackers see is low-hanging fruit. A small company isn’t likely to have the kind of budget dedicated to cybersecurity that a large nationally or internationally known enterprise would, if they’re even bothering to try at all. Judging by the survey results, a cybercriminal has good odds of finding an open door to walk right through. For them, targeting an unprotected small business means a quick (if relatively modest) payday for only a little work.
When asked why they didn’t have cybersecurity, 19 percent of survey respondents said it was too expensive. Realistically, the costs of a cyberattack are the price you can’t afford. While a giant corporation can usually absorb the expense of dealing with a successful hack, most small businesses can’t—and many of them never recover.
About the Author
Craig Petronella is CEO of Petronella Cybersecurity and Digital Forensics. He was deconstructing and re-building computers as a child. His interests guided him in creating “Bulletproof PC,” an unhackable computer that was essentially a self-protecting system, it doubled as an idea ahead of its time. The original architecture of the Bulletproof PC is now partnered with intuitive Software that empowers the protected hardware to function at full capacity while never sacrificing security.
His vision is to always be on the cusp of change and to keep up with the cutting-edge.
Do you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan? Is your professional liability coverage managed through Alta Pro? If so, you’re automatically a member of the Alta Pro Risk Purchasing Group (RPG), which offers a wealth of benefits for your practice: free, cutting-edge CLE webinars featuring top experts tackling timely topics; the Pro Practice Playbook; the Pro Practice Blog; Reminger’s ProLink risk management assistance; Reminger’s Claim Repair Hotline; discounts on CLIO practice management software; tax savings on health insurance; and access to the Risk Pro, who can help keep your firm safe and successful. Register here and start enjoying your Alta Pro RPG benefits.