It seems like every other week, we’re hearing about an individual or business being subjected to some kind of cyber-attack. Ransomware, in particular, seems to be a larger threat now. If hackers find their way into your computer system through an “open door” or vulnerability, your computers will be “locked” so you cannot use any of your applications and/or your files will be encrypted across your entire network (including your backup server), rendering them useless. Basically, all of your computers and/or your network is “kidnapped” and you need to pay a ransom to get it back. You receive a message that tells you how to make the payment – usually by bitcoin – and then everything, theoretically, will be unlocked and returned to normal.
A manufacturing company we work with was recently hit by a ransomware attack, and the cyber pirates demanded thousands of dollars in bitcoin. All of the company’s files and backup files were encrypted and the company’s productivity plummeted. Crippled by the attack, they had no choice but to pay the ransom to regain control of the business and it took two weeks for them to get fully operational again.
This has become a serious problem for thousands of individuals and small businesses across the U.S.
“Some cybersecurity experts call the attacks an epidemic. Both the United States and Canadian governments issued a rare joint alert in March  warning businesses of ransomware. In 2015, affected Americans paid about $325 million due to ransomware attacks; in 2016, cybersecurity analysts estimate, it will be much higher.” “Your Money or Your Data: Ransomware Viruses Reach Epidemic Proportions,” Newsweek
It goes without saying that we need to be vigilant in order to protect ourselves from these types of attacks. This type of now-inherent risk also highlights just how important it is for businesses to mitigate all types of risk in order to preserve their value and operate effectively.
Business is Risky - Planning for the Worst Case Scenario is Key
In our internationally interdependent and interconnected world, business risk evolves quickly. The risks are more complex, can be more difficult to predict, and even more difficult to prepare for and prevent. Cyber-attacks are some of the largest risks we face today as business owners and we need to protect ourselves as much as humanly possible with proper cyber security measures and insurance. In addition, we need to plan for the worst case scenario so that we can minimize the impact and damage. The stakes are extremely high – the National Cyber Security Alliance has estimated that 60% of small businesses hit by cyber-attacks end up going out of business.
We know that risk is an inherent part of owning and operating a business. There is always a chance that your business may not succeed and you may not recover your investment. Most businesses face myriad risks, including environmental, financial, operational, political, business interruption, failure to innovate, damage to reputation, strategic (competition), economic climate, compliance (OSHA or EPA) etc. There are many facets of risk management that need to be addressed, including insurance, business continuity, health and safety, corporate governance, planning and finances. According to AON, one provider of risk management products, 80% of companies that fail to recover from a major disaster within one month will go out of business. Daunting to say the least.
Effect of Risk on Business Value
In our book, Cashing Out of Your Business - Your Last Great Deal, we discuss eight of the most important characteristics or value drivers that prospective buyers look for in their acquisition candidates. Two of those key drivers are Low Risk and well-documented Systems & Processes. Any exposure a business has to risk can negatively impact its value. Therefore, reducing risk is key to maximizing business value in the eyes of an investor.
What You Can Do
While nothing takes the place of working with professionals who are focused on risk management and IT security, there are a few other things you can start doing immediately:
- Back up your systems regularly
- Create backup redundancy in the cloud or off-site
- Create and revisit your emergency response plan on a regular basis
- Review your insurance at least annually to ensure that you’re covered in as many areas as possible
- Ensure that all employees are trained on safe email and web-browsing practices
It’s critical for businesses to identify and quantify the risks they have and develop the processes and tools that can be used to mitigate those risks. Companies can’t predict what the future holds, but you can at least plan for the worst case scenario rather than waiting to see what happens.