Every small business knows its reputation is important. For many, online presence and technology have become the principle way with which to serve their customer base and build an affiliation with quality.
Some of the best companies are also built around the name of their founder, which promotes credibility in the marketplace. But equally, it’s very easy to lose your reputation with a few clicks of a mouse.
My colleague Matthew Webb recently highlighted two examples from big and small companies – eBay and Jala Transport – where data breaches led to reputational issues and fines, but I wanted to look at the vulnerabilities of small businesses, prompted by a small but unpleasant reminder of just how easy it can be to lose your reputation online.
This reminder involved a rather nasty email hack that illustrated how easy it can be to lose the confidence of the contacts you’ve spent years cultivating. It’s where small businesses – especially sole traders and one-man bands – are particularly vulnerable, especially if your business is growing, but your online infrastructure has yet to catch up.
And it’s with email that my example starts. Getting a good email account is vital for any business. Even if you’re a freelancer working off a basic webmail account, it’s pretty important to nab your own name. I was particularly proud of doing just that, as let’s face it – firstname.lastname@example.org – isn’t exactly a professional image to present if you’re using your account for work purposes.
One morning I received an email from a university friend and opened it up without thinking. Soon after, I received a message in my inbox informing me that an email I had sent to a customer services inbox could not be delivered. Odd. Then I received another. And another. Then an ‘out of office’ auto-reply.
After checking my sent mail folder, it seemed email after email was flying out to all sorts of addresses, each with the same link inside. A quick Google search revealed the webmail provider didn’t have a call centre, and the only advice was to change my password. If it wasn’t as strong as it could have been, it is now.
Unfortunately, the damage was done. Despite never saving my contacts into the address book the virus had forwarded itself to any address I had ever interacted with, including contacts at my current employer, former employers and university, along with friends’ personal and work addresses. Not to mention almost every company I had ever sent a job application to. How I was perceived by these contacts was now completely out of my hands. Absolutely anything could have found its way to absolutely anyone I had ever emailed.
Now, imagine this was your business. Perhaps you’re a freelancer or a small business owner and you (or one of your staff) had clicked on this link. Had I clicked on it at work, our robust IT systems would have prevented any damage from being done. For a small startup, your network may be a lot more vulnerable.
On a personal level, the feeling of briefly floundering without a clear idea of how to limit the damage was frustrating, but imagine you then had to notify your contacts and clients that you’d suffered a cyber breach. How would you do this? For me, a message on Facebook warning friends not to open any emails from me was the best I could do but if you were forced to confess to an email hack on social media, how would it affect your reputation? You can already see how the cost could build up.
The reality is that it isn’t even just the general threats that companies need to protect themselves against. Small businesses represent a sweet spot for hackers in that they may be growing rapidly, accumulating customer data and cash, with security that hasn’t quite had chance to catch up.
Larger companies typically have more sophisticated cyber protection, but not even they are immune to hackers, as the eBay story shows. Turning such an instinctive negative reaction around can be tough – you may need a specialist PR firm to help rebuild your reputation, and perhaps even setting aside costs to set up a contact point for affected customers.
If you have a cyber insurance policy, it may cover these costs as well as forensic IT investigations into what went wrong and what data has been put at risk, but these only help clear up after the event. It’s obviously best to put in place preventative measures. The government’s recent Cyber Streetwise initiative – aimed at SMEs – has some excellent resources for protecting your business online.
As for me, I’m never going to feel completely comfortable that my once-perfect email account is secure and isn’t compromised in some way. Fingers crossed ‘paddy_ross_12345’ is still available.
For more information on Hiscox’s new cyber and data insurance product, click here.
Read Head of Technology and Data Risks Matthew Webb’s analysis of the cost to small businesses of a cyber attack.