Part of our You Belong in Business podcast

Better cybersecurity for businesses of every size

October 30, 2020

Phishing attempts and overall cybersecurity concerns have spiked this year as more companies boost digital operations, says Meg Anderson, vice president and chief info security officer for Principal®. Remote workers provide more points of entry for business cyberattacks.

“Employees might have new distractions, or their equipment may not be set up as securely as in the office,” she says.

The challenge: How can businesses manage their cyber risk without busting their budget—and know when to call in the experts?

Why is cybersecurity important? According to a 2020 study by IBM, the average cost of a data breach is a staggering $3.86 million.

A small business can quickly rack up hundreds of thousands in bills for all the forensics, public notifications, and other work associated with recovering from a breach, says Dave Nelson, founder and CEO of Pratum, an information security services firm serving clients nationwide.

Even the unlikeliest businesses can fall victim. Nelson cites examples such as a rural grain elevator that came under targeted cyberattack during harvest, instantly losing $250,000 in revenue.

Cybersecurity self-help for businesses

If you don’t have an in-house IT team, there are ways to better guard against cyber threats. Listen to the full podcast episode for insight, including these tips:

Look at cybersecurity as a business problem.

Look at cybersecurity as primarily a business problem, not just an isolated tech issue, Nelson says. It’s about managing risk and weighing options—like every business decision.

Educate your employees.

Educate your employees relentlessly so they remain wary. About one-third of data breaches today, Nelson says, have some type of social engineering component such as phishing: in other words, trying to get an employee to accidentally or unwittingly provide access. Hackers may exploit the pandemic or a detail of your business to try to make their phishing sound timely and authentic. (Read more: “5 ways to protect your online information.”)

Require multi-factor authentication.

Having employees sign in from more than one device thwarts many typical cyberattacks, Nelson says.

Restrict access to critical information.

When access is restricted, employees have only the data they need to do their job, not extra data that could make the business more vulnerable.

Continually test your employees.

Regularly testing employees on cybersecurity helps keep them sharp.

Practice your business's cyber response.

Walk through how you’d react to a breach or attack, using a publicized incident from a similar business as a case study. Do you know which law enforcement agencies and other officials to contact?

External cybersecurity expertise

Smaller businesses can seek third-party cybersecurity expertise to maintain and report standards that are consistent with their business partners.

“Your suppliers and partners are an extension of your business in the eyes of your customers, so it’s your responsibility to think through all the processes and technology across your supply chain,” Anderson says.

Pratum, which works nationwide from offices in Iowa, Missouri, and Texas, has helped respond to more than 50 cyberattacks and breaches just this year. Some businesses reach out for a limited consultation or security test, while others realize they need to hire an external chief info security officer—essentially the role Anderson serves with Principal.

There’s also an emerging sector of cyber insurance, Nelson says, but prices can vary wildly—sometimes anywhere from $1,000 to $20,000 for similar coverage.*

Ultimately, think of cybersecurity in terms of public health: Good cybersecurity—like washing hands or wearing masks—protects ourselves and everybody else.

* Principal does not offer cyber insurance.

This podcast provides educational information only with the understanding that Principal® and its employees are not offering legal, accounting, investment or tax advice. Business owners should consult with their counsel or other advisors when making business decisions.

Guests are not compensated for their appearance and Principal does not endorse the businesses of its guests. Some guests may own Principal products or use our services. Unless noted otherwise, none of our guests are affiliated with Principal, Des Moines, Iowa.