Sadly, that seems accurate from our experience – that percentage may actually be higher for small law firms. As Dark Reading recently posted, 51% of leaders of small-to-midsized businesses (SMBs) believe they are not a target for cybercrime. 76% of them say they haven't activated multifactor authentication (MFA) for their enterprise email accounts, according to a new report from Switchfast Technologies.
"Frankly, we see similar numbers for MDM [mobile device management] and MFA (multi-factor authentication) adoption as well," says Nik Vargas, CTO for Switchfast. He says a single breach can cost a small business up to $130,000, mostly for legal work, cyber remediation, and reputational damage.
The federal government is giving SMBs some help: President Trump signed the NIST Small Business Cybersecurity Act in August, which directs NIST to develop a streamlined version of its famed Cybersecurity Framework.
"The fact that the federal government has made this a focus is a positive step," Vargas says. "Of course, one of the real dangers is that small businesses can be a launching pad for much larger attacks on government sites and the large commercial giants."
The reality of SMB security threats has been obvious: a Ponemon Institute report in 2016 that found that roughly half of the nation's 30 million small businesses had been breached. We have found that using CLE presentations as a bully pulpit has had some effect in terms of raising consciousness - but translating that into action - and spending monies on cybersecurity - has been more of a challenge.
Hat tip to Dave Ries.
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology