Data breaches are a terrifying threat to your business’s future, regardless of their size. At this point, all it takes is for one employee to fall for a phishing scam to give a hacker access to your entire database, and then the company is liable for whatever happens next.
The scary stories we see in the news are usually about the Targets or Wells Fargos of the world, but we know that SMBs are not in the clear. The smaller the organization, the more likely it is that it lacks the infrastructure needed to prevent and respond to cyber threats. We’re also seeing that certain industries are being targeted more than others.
According to the 2021 Legal Technology Survey Report done by the American Bar Association, 25% of law firms report having experienced a data breach at some point. It makes sense, right? Law firms have access to large amounts of sensitive information, including client and business data, financial records, intellectual property, details around mergers, and so on.
The survey also notes that there is a clear trend showing that smaller firms often have insufficient cybersecurity policies in place, whereas larger firms are more prepared. 25% of respondents said that their firm either doesn’t have any data security policies in place or that they don’t know if any such policies exist.
As an industry that holds confidentiality at such high value, the damage a data breach could do to your reputation and the trust of your clients is hard to quantify, not to mention the millions you could face in lawsuits and fines.
New York City’s Law Department found this out the hard way when a hacker accessed their systems via one employee’s stolen credentials. This database contained everything from the locked records of minors to employee information, internal investigations, contracts, and more. Legal proceedings across the city were shut down, and twenty-four hours later, the department’s computers had to be removed from the city’s network. At the time this article was written, the full impact of the breach wasn’t known.
In IBM’s Cost of a Data Breach Report 2021, CPAs are included in the Professional Services sector, which makes up the second largest segment of all data breaches.
Accountants and tax practitioners are popular targets because they collect all the critical pieces of information needed to steal an identity–contact info, social security numbers, and banking information–and they do so in massive quantities. They are the perfect one-stop-shop for cybercriminals. As another field that requires a deep trust between the client and the firm, experiencing a cyber-attack might be bad, but mishandling the fallout is even worse.
Just ask Bansley and Kiener (B&K), who identified a breach back in December of 2020. It wasn’t until the following May that they confirmed that over 70,000 records had been accessed. The worst part? They failed to report the breach or notify the victims until almost a year later. B&K is now facing a lawsuit and major damage to its brand.
Have you noticed the pattern?
Insurance is yet another industry that processes, stores, and sends massive amounts of sensitive information. Insurance providers are big targets but don’t forget about smaller agencies and brokerages. The act of shopping for a quote involves submitting an individual’s information to multiple organizations across the web, multiplying the potential for hackers to find a weak point and break-in.
CNA Financial Corp., a Chicago-based insurance company, was forced to pay $40 million in late March to the cybercriminals who had hacked them two weeks prior. Following a ransomware attack, a large amount of data had been stolen and CNA had been locked out of their own network. Ironically, CNA provides cyber insurance to its clients.
Real Estate is another industry that–you guessed it–handles large amounts of personal and financial information. Everything from a buyer’s previous address to their checking account numbers is entered throughout the process of buying a home. And only half of these businesses are prepared to defend against a cyber attack.
Don’t forget about all the vendors involved, including inspections companies, insurance, mortgage providers, to name a few. If a mortgage provider that the brokerage works closely with experiences a catastrophic breach, the brokerage’s clients could also be affected.
Speaking of third-party vendors getting hacked…Bernalillo County, located in Albuquerque, New Mexico experienced a ransomware attack that shut all government offices down. Real estate agents couldn’t access the county’s tax calculators, meaning they couldn’t tell buyers what their monthly payments or property taxes might look like. This also meant that deeds couldn’t be recorded for new sales, which slowed the local real estate industry to a standstill.
In addition to having access to tons of valuable data, these industries are also working hard to modernize and embrace technology that makes it easier for customers to access their services. Those popular apps and smartphones magnify risk when it comes to cybersecurity.
These cybercriminals are getting smarter and more efficient all the time. Why waste your time with credit card fraud, working through card numbers one at a time, when you could hit one of the industries above and get thousands of records at once?
So if your business fits into one of these four buckets and you haven’t begun treating cybersecurity like the continuous process it is, you may want to reconsider. Processes, inventory, and staffing lists should be evaluated regularly, and all your software should be set to update automatically. This is not a set it and forget it sort of initiative.
A trusted cybersecurity partner, like ForceNow, is essential to moving from a defensive strategy to an offensive one. We provide enterprise-level security at SMB-friendly pricing, including employee training, 24/7 monitoring, vulnerability testing, and more. Our cybersecurity services also allow you to qualify for comprehensive, affordable cyber risk insurance plans through our partners.