The consequences of small business cyberattacks are no joke. IBM research shows that a small business data breach can be particularly severe for companies with less than 500 employees, according to a recent press release. In the study, small businesses suffered losses of more than $2.5 million on average.  The number equates to costing up to 5 percent of annual revenue.

And the effects of small business cyberattacks can be felt for years. In fact, IBM looked at the long tail financial impact of data breaches and found that 67 percent of associated costs were realized within the first year.  An additional 22 percent accumulated in the second year.  And, another 11 percent amassed more than two years later. Moreover, the long tail costs were higher in the second and third years for businesses in highly-regulated environments, such as healthcare and financial services.

However, small businesses can mitigate cyber risks by implementing some of the following security practices.

Use Access Controls

Strong access controls can help prevent small business cyberattacks. An access control policy should at least address who should access company data as well as the circumstances in which to deny access to a user with access privileges. Small businesses can use authentication factors to reduce cyber risk, including:

• passwords
• personal identification numbers (PINs)
• biometric scans
• security tokens

Implement Extensive Use of Encryption

Studies have shown that 96 percent of stolen data is unencrypted, according to IT Security Guru. Therefore, in addition to implementing access controls, small businesses should routinely encrypt their primary copies of data as well as their secondary copies of data, such as backups, migrations, archives, transfers and live data to keep information safe.

The extensive use of encryption can also reduce the total cost of a data breach by $360,000, according to IBM.

Deploy Security Automation Technologies

Security automation technologies allow businesses to handle security tasks that would otherwise be done manually. These technologies can automatically check for system vulnerabilities, for example, without human intervention.

And when it comes to cyberattacks, security automation technologies can help small businesses mitigate losses. According to IBM, businesses with fully deployed security automation technologies experience about half the cost of a breach compared to those that do not have these technologies.

Properly Vet the Security of Third Parties

It’s important for small businesses to vet the security of their partners and suppliers, as it can cost businesses $370,000 more than average when a data breach occurs, according to IBM. This can be done by ensuring that security standards align and by actively monitoring third-party access.

Have An Incident Response Plan

A solid incident response plan should be in place well before a cyber incident occurs.  Why? Because the speed and efficiency at which a small business is able to respond can reduce consequences. IBM finds that businesses with an incident response team and an extensively tested incident response plan have had approximately $1 million less in data breach costs on average compared to businesses with neither measure in place.

By implementing these security initiatives, or a combination thereof, small businesses can stay protected against costly cyberattacks.