How to Avoid the Top Security Risks to Your Small Business

Anne Shaw

Target’s 2013 data breach cost the company $250 million in damages after hackers managed to steal around 40 million customers’ credit and debit card numbers. But the true overall cost can be hard to measure when you consider the bad press, the drop in productivity caused by internal mayhem during the crisis, and the dip in consumer confidence, all of which likely contributed to Target’s swift drop in profit following the breach.

And if this happened to Target, which employed a full cybersecurity team, it can easily happen to small businesses with meager or nonexistent cybersecurity budgets. So, how can your small business protect itself when you can’t afford a “Cyber Fusion security center”? It starts with identifying why small businesses are so often targeted, the common mistakes small businesses make, and the most common cyber attacks on small businesses.

Why Small Businesses Are Hackers’ Favorite Targets

When it comes to poaching data, hackers tend to focus on easy prey: small businesses. Why? They often lack strong security measures and standards. Likely because their teams are leaner and everyone wears many hats, most small business owners don’t make it a priority to:

  • Regularly monitor server networks and data
  • Invest in an IT specialist
  • Ensure that they only operate on secure Wi-Fi
  • Learn about and train their employees on cybersecurity best practices

This may seem understandable, since many small business owners have a lot on their plate and tend to assume that getting hacked just won’t happen to them. But helping ensure data security is essential for small businesses. Most simply can’t afford to absorb the astronomical cost of a data breach in the way that a large enterprise like Target can. In fact, it’s reported that 60% of small businesses that suffer data theft close their doors within six months.

Three Common Security Mistakes Small Business Owners Make

Avoid these common mistakes to keep your business’s data safe.

1. Using Poor Password Standards

This is one of the top security mistakes small business owners make. Don’t be lazy about your password standards if you’d rather not join the ranks of small businesses that get hacked. The following password standards don’t yield strong enough passwords to withstand a password attack:

  • Fewer than eight characters
  • A lack of various letter cases, numbers, and special symbols
  • Allowing the use of one password for multiple platforms and applications

And that’s just when it comes to the content of the passwords themselves. You should also change all passwords regularly and consider using two-factor authentication (where more than a user name plus password is required) for added security.

2. Lacking a Clear BYOD (Bring Your Own Device) Policy

Allowing employees to use their own electronic and mobile devices does have benefits. They’re comfortable using them, so they’re more efficient and productive, and it likely saves you overhead cost.

But, if your BYOD policy doesn’t include guidelines around software updates, IT support, encrypted data options, or when and where employee-owned devices can be used for work—and especially if your BYOD policy just plain doesn’t exist—then you leave your business wide open to data breaches.

3. Trusting Public Wi-Fi

While waiting for a client at your local coffee shop, it’s tempting to hop onto the free Wi-Fi and get some work done, but be wary. Hackers often set up their own Wi-Fi hotspots, giving them sneaky names similar to where they are (for example, Pete’s Coffee – Guest). When unwitting Wi-Fi users join these poser networks, hackers can easily gain access to their devices. And, even if you do land on the right network, public Wi-Fi offers little to no real security from savvy hackers.
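One way to check a list of nearby networks for the lookalike names described above, written as an added example that is not part of the original article. The trusted network name, the access-point addresses (BSSIDs), the scan results and the 0.8 similarity threshold are all constructed assumptions.

```python
import difflib
import re

# Constructed allowlist: network names the business trusts, with the
# access-point addresses (BSSIDs) known to broadcast them legitimately.
TRUSTED = {"Pete's Coffee": {"aa:bb:cc:00:00:01"}}

# Constructed scan results as (SSID, BSSID) pairs.
SCAN = [
    ("Pete's Coffee", "aa:bb:cc:00:00:01"),
    ("Pete’s Coffee – Guest", "de:ad:be:ef:00:02"),
    ("Petes Cofee", "de:ad:be:ef:00:03"),
    ("Pete's Coffee", "de:ad:be:ef:00:04"),
    ("Library WiFi", "11:22:33:44:55:66"),
]


def normalize(ssid):
    """Drop case, quotes, dashes and spaces so near-identical names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def classify(ssid, bssid, threshold=0.8):
    """Return 'trusted', 'lookalike' or 'unknown' for one scanned network."""
    name = normalize(ssid)
    for trusted_ssid, bssids in TRUSTED.items():
        if ssid == trusted_ssid and bssid.lower() in bssids:
            return "trusted"
        base = normalize(trusted_ssid)
        ratio = difflib.SequenceMatcher(None, name, base).ratio()
        # Same or near-same name from an unlisted access point is the warning sign.
        if base in name or ratio >= threshold:
            return "lookalike"
    return "unknown"


def review_scan(scan):
    """Classify every network in a scan."""
    return [(ssid, bssid, classify(ssid, bssid)) for ssid, bssid in scan]


if __name__ == "__main__":
    for ssid, bssid, verdict in review_scan(SCAN):
        print(f"{verdict:9}  {bssid}  {ssid}")
```

An access-point address can be copied, so a "trusted" verdict only means the name and address match the allowlist; it does not make the public network itself secure.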

Four Common Cyber Attacks on Small Businesses

Did you know that during any given second, 3.5 new cybersecurity threats arise? Small businesses are often the target. Here are the most common types of attacks on small businesses.

1. Malware

Malware is a broad term for malicious software that’s designed to gain access or cause damage to a device, typically with the purpose of stealing data such as personal information and credit card numbers. There are several types of malware small business owners should know about: adware, spyware, and Trojan horses.

2. Password Attacks

When a hacker learns your password(s), they gain access to all your information. Hackers can get an unknowing user’s password in several ways, including “brute force attacks” during which specially designed programs generate and try every possible combination of letters, symbols, and numbers. Using a 10-character password of upper and lowercase letters can slow down these programs, since it can take more than 100 years to land on the right one, so consider using longer, more complex passwords.

3. Phishing

Hackers use this technique to trick people into willingly handing over their information, from passwords, to credit card numbers, to Social Security numbers. Typically, hackers pose as a reputable source via email or text, asking their victim to follow a link and, for a seemingly important reason, provide key information. While these types of attacks are often digital, phone phishing scams also are possible.

4. Pharming

In a pharming attack, hackers compromise the naming system in a server so that users who think they’re accessing legitimate sites are actually redirected to fraudulent ones. Once on the fraudulent site, users are prompted to provide sensitive data such as credit card information or Social Security numbers.

Read More: How to Safeguard Your Business from Data Breaches

The common types of cyber attacks that are perpetrated against small businesses include point-of-sale hacks and drive-by downloads, plus exposure to risks you haven’t even thought of yet. You can help protect yourself, your employees, and your business by downloading our eBook How to Safeguard Your Business from Data Breaches.

In it, you’ll learn more about the special cybersecurity risks for small business owners, and you’ll also read about additional common security mistakes businesses make. Finally, you can learn best practices for preventing data breaches—including developing effective security policies and employee training programs—along with what happens during and after a business data breach, and how to handle the fallout.


5 Responses to "How to Avoid the Top Security Risks to Your Small Business"
    • Nurcihan Bantum | May 21, 2020 at 12:24 am

      Great article

      • Chloe Silverman | May 21, 2020 at 8:45 am

        Thank you for the comment!

    • Tom Alciere | May 21, 2020 at 10:25 am

      One machine at the factory required a username and password to get into it to run it. Just for kicks and giggles, I decided to see what would happen if I hit ENTER, ENTER. Guess what? It let me in with supervisor privileges. I immediately reported the malfunction to a supervisor, and it took the company and supplier two weeks to figure out the problem. The document listing the passwords had a blank line at the top. They started on the second line. The first line consisted of null, and the “password” I typed in matched it.
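The failure described in the comment above, reproduced as an added example that is not part of the comment or the article: a credential list with a blank first line, read by a loader that turns the blank line into an empty user with an empty password, next to a hardened loader and login check. The "user:password" file format, the account names and the function names are assumptions; the real machine's software is not described on this page.

```python
import hmac

# Constructed sample: a credential list whose first line is blank.
# The "user:password" layout is an assumption made for this example.
CREDENTIAL_FILE = "\noperator:Tr4ck-9-lathe\nsupervisor:c0rrect-h0rse"


def load_naive(text):
    """Vulnerable loader: the blank line becomes the entry '' -> ''."""
    table = {}
    for line in text.split("\n"):
        user, _, password = line.partition(":")
        table[user] = password
    return table


def login_naive(table, user, password):
    """Vulnerable check: ENTER, ENTER submits '' and '' and matches the blank entry."""
    return table.get(user) == password


def load_strict(text):
    """Hardened loader: skip blank lines and reject malformed or empty fields."""
    table = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        user, sep, password = line.partition(":")
        if not sep or not user.strip() or not password:
            raise ValueError(f"line {number}: malformed credential entry")
        table[user.strip()] = password
    return table


def login_strict(table, user, password):
    """Hardened check: empty input never authenticates; compare in constant time."""
    if not user or not password or user not in table:
        return False
    return hmac.compare_digest(table[user].encode(), password.encode())


if __name__ == "__main__":
    print("naive, empty login: ", login_naive(load_naive(CREDENTIAL_FILE), "", ""))
    print("strict, empty login:", login_strict(load_strict(CREDENTIAL_FILE), "", ""))
```

A production system would store salted password hashes rather than a plaintext list; the plaintext list is kept here only to mirror the setup the comment describes.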

    • Maggie Laprade | May 21, 2020 at 10:48 am

      I don’t think that either link for the e-book is working, or maybe I have a problem with my browser? Just letting someone know about this – thanks.

      • Small Biz Ahead Staff | May 22, 2020 at 12:11 pm

        Hi Maggie! We suggest using Google Chrome to open the ebook. Thank you!
