Target’s 2013 data breach cost the company $250 million in damages after hackers managed to steal around 40 million customers’ credit and debit card numbers. But the true overall cost can be hard to measure when you consider the bad press, the drop in productivity caused by internal mayhem during the crisis, and the dip in consumer confidence, all of which likely contributed to Target’s swift drop in profit following the breach.
And if this happened to Target, which employed a full cybersecurity team, it can easily happen to small businesses with meager or nonexistent cybersecurity budgets. So, how can your small business protect itself when you can’t afford a “Cyber Fusion security center”? It starts with identifying why small businesses are so often targeted, the common mistakes small businesses make, and the most common cyber attacks on small businesses.
Why Small Businesses Are Hackers’ Favorite Targets
When it comes to poaching data, hackers tend to focus on easy prey: small businesses. Why? They often lack strong security measures and standards. Likely due to their leaner teams and many hats, most small business owners don’t make it a priority to:
- Regularly monitor server networks and data
- Invest in an IT specialist
- Ensure that they only operate on secure Wi-Fi
- Learn about and train their employees on cybersecurity best practices
This may seem understandable, since many small business owners have a lot on their plate and tend to assume that getting hacked just won’t happen to them. But helping ensure data security is essential for small businesses. Most simply can’t afford to absorb the astronomical cost of a data breach in the way that a large enterprise like Target can. In fact, it’s reported that 60% of small businesses that suffer data theft close their doors within six months.
Three Common Security Mistakes Small Business Owners Make
Avoid these common mistakes to keep your business’s data safe.
1. Using Poor Password Standards
This is one of the top security mistakes small business owners make. Don’t be lazy about your password standards if you’d rather not join the ranks of small businesses that get hacked. The following password standards don’t yield strong enough passwords to withstand a password attack:
- Fewer than eight characters
- A lack of various letter cases, numbers, and special symbols
- Allowing the use of one password for multiple platforms and applications
And that’s just when it comes to the content of the passwords themselves. You should also change all passwords regularly and consider using two-factor authentication (where more than a user name plus password is required) for added security.
2. Lacking a Clear BYOD (Bring Your Own Device) Policy
Allowing employees to use their own electronic and mobile devices does have benefits. They’re comfortable using them, so they’re more efficient and productive, and it likely saves you overhead cost.
But, if your BYOD policy doesn’t include guidelines around software updates, IT support, encrypted data options, or when and where employee-owned devices can be used for work—and especially if your BYOD policy just plain doesn’t exist—then you leave your business wide open to data breaches.
3. Trusting Public Wi-Fi
While waiting for a client at your local coffee shop, it’s tempting to hop onto the free Wi-Fi and get some work done, but be wary. Hackers often set up their own Wi-Fi hotspots, giving them sneaky names similar to where they are (for example, Pete’s Coffee – Guest). When unwitting Wi-Fi users join these poser networks, hackers can easily gain access to their devices. And, even if you do land on the right network, public Wi-Fi offers little to no real security from savvy hackers.
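The look-alike network names described above can be flagged by comparing scan results against an inventory of access points you actually operate. This is an added example, not part of the original article; the `TRUSTED` inventory, the BSSIDs, the scan entries, and the 0.75 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumed inventory of access points you operate: SSID -> known radio addresses.
# All names and BSSIDs in this example are constructed.
TRUSTED = {"Pete's Coffee": {"02:00:5e:10:00:01"}}


def normalize(ssid):
    """Lowercase and drop punctuation/spacing so cosmetic variants compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def classify(ssid, bssid, trusted=TRUSTED, threshold=0.75):
    """Return 'known', 'unknown-ap', 'lookalike' or 'unrelated' for one scan entry."""
    if ssid in trusted:
        # A BSSID match is a hint, not proof: radio addresses can be copied.
        return "known" if bssid.lower() in trusted[ssid] else "unknown-ap"
    for name in trusted:
        score = SequenceMatcher(None, normalize(name), normalize(ssid)).ratio()
        if score >= threshold:
            return "lookalike"
    return "unrelated"


def review(scan):
    """Classify every (ssid, bssid) pair seen in a Wi-Fi scan."""
    return [(ssid, bssid, classify(ssid, bssid)) for ssid, bssid in scan]


# Constructed scan results; the third entry uses the article's example name.
SCAN = [
    ("Pete's Coffee", "02:00:5e:10:00:01"),
    ("Pete's Coffee", "02:00:5e:99:00:07"),
    ("Pete’s Coffee – Guest", "02:00:5e:99:00:08"),
    ("Library WiFi", "02:00:5e:44:00:02"),
]

if __name__ == "__main__":
    for ssid, bssid, verdict in review(SCAN):
        print(f"{verdict:11} {bssid}  {ssid}")
```

Anything reported as `unknown-ap` or `lookalike` is a prompt to check the network with its owner before connecting, not a verdict.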
Four Common Cyber Attacks on Small Businesses
Did you know that during any given second, 3.5 new cybersecurity threats arise? Small businesses are often the target. Here are the most common types of attacks on small businesses.
1. Malware
Malware is a broad term for malicious software that’s designed to gain access or cause damage to a device, typically with the purpose of stealing data such as personal information and credit card numbers. There are several types of malware small business owners should know about: adware, spyware, and Trojan horses.
2. Password Attacks
When a hacker learns your password(s), they gain access to all your information. Hackers can get an unknowing user’s password in several ways, including “brute force attacks” during which specially designed programs generate and try every possible combination of letters, symbols, and numbers. Using a 10-character password of upper and lowercase letters can slow down these programs, since it can take more than 100 years to land on the right one, so consider using longer, more complex passwords.
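The weak password standards listed under "Using Poor Password Standards" and the brute-force arithmetic above can be checked together at the moment a password is set. This is an added example, not part of the original article; the guess rate, the finding labels, and the sample credentials are constructed assumptions.

```python
import string
from collections import defaultdict

# Assumption: guessing speed; real rates vary widely with hashing and hardware.
GUESSES_PER_SECOND = 1e7
MIN_LENGTH = 8
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pools_used(password):
    """Character pools (lower, upper, digit, symbol) present in the password."""
    return [pool for pool in POOLS if any(c in pool for c in password)]


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every string of this length over the pools used."""
    alphabet = sum(len(pool) for pool in pools_used(password))
    return alphabet ** len(password) / rate / SECONDS_PER_YEAR


def audit(credentials):
    """Map each platform to the weak standards its password falls under.

    Meant for the moment a password is set, the only time plaintext is available.
    """
    platforms_by_password = defaultdict(list)
    for platform, password in credentials.items():
        platforms_by_password[password].append(platform)
    report = {}
    for platform, password in credentials.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append("too-short")
        if len(pools_used(password)) < len(POOLS):
            findings.append("missing-character-types")
        if len(platforms_by_password[password]) > 1:
            findings.append("reused")
        report[platform] = findings
    return report


# Constructed sample data, not real credentials.
SAMPLE = {"email": "sunshine", "payroll": "sunshine", "pos": "Tr7!x",
          "bank": "QwErTyUiOp", "crm": "v9#Lq2!mZr4&"}

if __name__ == "__main__":
    for platform, findings in audit(SAMPLE).items():
        years = years_to_exhaust(SAMPLE[platform])
        print(f"{platform:8} {years:12.3g} years  {findings or 'ok'}")
```

The exhaustive-search figure is an upper bound only: a reused or dictionary-based password falls to guessing lists long before the full keyspace is tried, which is why reuse is flagged separately.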
3. Phishing
Hackers use this technique to trick people into willingly handing over their information, from passwords to credit card numbers to Social Security numbers. Typically, hackers pose as a reputable source via email or text, asking their victim to follow a link and, for a seemingly important reason, provide key information. While these types of attacks are often digital, phone phishing scams are also possible.
4. Pharming
In a pharming attack, hackers compromise the naming system in a server so they can make users think they’re accessing legitimate sites when they’re actually being redirected to fraudulent ones. Once on the fraudulent site, users are prompted to provide sensitive data such as credit card information or Social Security numbers.
Read More: How to Safeguard Your Business from Data Breaches
The common types of cyber attacks that are perpetrated against small businesses include point-of-sale hacks and drive-by-downloads, plus exposure to risks you haven’t even thought of yet. You can help protect yourself, your employees, and your business by downloading our eBook How to Safeguard Your Business from Data Breaches.
In it, you’ll learn more about the special cybersecurity risks for small business owners, and you’ll also read about additional common security mistakes businesses make. Finally, you can learn best practices for preventing data breaches—including developing effective security policies and employee training programs—along with what happens during and after a business data breach, and how to handle the fallout.