Every day, it seems another security breach makes headline news. The victim list for the first few months of this year alone includes such big business names as Apple, Twitter, Facebook, Microsoft, Burger King, Jeep and The New York Times. The Federal Government is a target. Schools, hospitals and newspapers are on the list. Smaller businesses are, too – in large numbers.
Although the large companies make the headlines, small businesses represent a large percentage of data breach incidents investigated. According to the Verizon 2013 Data Breach Investigations Report (DBIR), organizations with fewer than 100 employees comprised 31% of data breach incidents investigated in 2012. 1
Our society’s growing dependence on the Internet has made us increasingly vulnerable to cyber attacks. Hackers are finding ever more sophisticated ways to disrupt online service, access money and steal sensitive business and customer information. Sometimes their targets don’t realize that they’ve been victimized until much later, if ever.
“Everyone is at risk,” said Richard Hale, one of the Pentagon’s top cyber security officials. “Every business that is hooked to the Internet is vulnerable. It’s like gravity; the threat is all around us.”
But why, you might ask, would a hacker target smaller businesses? Simply stated, because it’s easier. Owners of smaller businesses often don’t have the resources or the technical know-how to combat data security threats. And since attacks on smaller business often don’t make headlines, some business owners may believe they’re immune.
It couldn’t be further from the truth. The 2012 DBIR reported that smaller organizations were the more successful target in most types of data theft activities.
“Attacks can be carried out against large numbers in a surprisingly short timeframe with little to no resistance,” the report says. “Smaller businesses are the ideal target for such raids, and money-driven, risk-averse cybercriminals understand this very well.”
Threats to data security are a new reality. Data protection for small business is essential. The key is to understand how breaches occur and to take measures to prevent them from happening.
Hackers specialize in exploiting vulnerabilities. Poor password protection, an unsecure wireless (WiFi) network and outdated system software each present opportunities to cyber criminals seeking access to information. There are many other tactics in the hacker’s toolbox, such as:
Not all data breaches are the work of cyber criminals. They can involve break-ins or tactics like working the phones to solicit information from unsuspecting employees. They can also be crimes of opportunity: the laptop left on a train, a lost smartphone or a misplaced thumb drive that falls into the wrong hands. And you don’t need a computer to be at risk. Lost, stolen or misplaced files are a common cause of data breach.
If your business data is breached, the fallout can be far-reaching and costly. Standard recovery procedures can include a time-consuming process of notifying customers, investigating the incident, identifying and quantifying the losses, and monitoring credit or identity theft. You may need legal counsel to ensure you’re complying with state and federal laws and to defend your business if customers sue. There’s also the cost of repairing intangibles, such as your business’s reputation.
These steps can help you better safeguard your company’s data, protect your customer information and help ensure your small business can survive a data breach:
Percentage is an approximation based on the Verizon 2013 Data Breach Investigations Report.