Target’s 2013 data breach cost the company $250 million in damages after hackers managed to steal around 40 million customers’ credit and debit card numbers. But the true overall cost can be hard to measure when you consider the bad press, the drop in productivity caused by internal mayhem during the crisis, and the dip in consumer confidence, all of which likely contributed to Target’s swift drop in profit following the breach.
And if this happened in 2013 to Target, which employed a full cybersecurity team, it can easily happen to small businesses with meager or nonexistent cybersecurity budgets. Protection has also become increasingly important as recent events like COVID-19 have accelerated the shift toward digital platforms and e-commerce. With this shift, you’ll want to put even more time into protecting your business’ data and websites.
So, how can your small business protect itself when you can’t afford a “Cyber Fusion” security center like Target? It starts with identifying:
- The most common cyber attacks on small businesses
- Why small businesses are so often targeted
- The common mistakes small businesses make
Why Small Businesses Are Hackers’ Favorite Targets
When it comes to poaching data, hackers tend to focus on easy prey: small businesses. Why? They often lack strong security measures and standards, likely because their leaner teams wear many hats. Most small business owners also don’t make it a priority to:
- Regularly monitor server networks and data
- Invest in an IT specialist
- Ensure that they only operate on secure Wi-Fi
- Learn about and train their employees on cybersecurity best practices
This may seem understandable, since many small business owners have a lot on their plate and tend to assume that getting hacked just won’t happen to them. But investing in data security is essential for small businesses. Most simply can’t afford to absorb the astronomical cost of a data breach in the way that a large enterprise like Target can.
Three Common Security Mistakes Small Business Owners Make
To keep your business’ data safe, it’s important to avoid these common mistakes:
1. Using Poor Password Standards
This is one of the top security mistakes small business owners make. Don’t be lazy about your password standards if you’d rather not join the ranks of small businesses that get hacked. The following password standards don’t yield strong enough passwords to withstand a password attack:
- Fewer than eight characters
- A lack of various letter cases, numbers, and special symbols
- Allowing the use of one password for multiple platforms and applications
And that’s just when it comes to the content of the passwords themselves. You should also regularly change all passwords and consider using two-factor authentication (where more than a user name plus password is required) for added security.
2. Lacking a Clear BYOD (Bring Your Own Device) Policy
Allowing employees to use their own electronic and mobile devices does have benefits. They’re comfortable using them, so they’re more efficient and productive, and it likely saves you overhead costs.
But your BYOD policy should include:
- IT support
- Encrypted data options
- When and where employee-owned devices can be used for work
If your policy doesn’t include these elements or if your policy just plain doesn’t exist, you’ll leave your business wide open to data breaches.
3. Trusting Public Wi-Fi
While waiting for a client at your local coffee shop, it’s tempting to hop onto the free Wi-Fi and get some work done, but be wary. Hackers often set up their own Wi-Fi hotspots, giving them sneaky names similar to where they are (for example, Pete’s Coffee – Guest). When unwitting Wi-Fi users join these poser networks, hackers can easily gain access to their devices. And, even if you do land on the right network, public Wi-Fi offers little to no real security from savvy hackers.
Four Common Cyber Attacks on Small Businesses
Did you know that 52% of breaches in 2020 were caused by malicious attacks? Small businesses are often the target, especially with the recent digital shift due to COVID-19. Here are the most common types of attacks on small businesses.
1. Malware
Malware is a broad term for malicious software that’s designed to gain access or cause damage to a device, typically with the purpose of stealing data such as personal information and credit card numbers. There are several types of malware small business owners should know about: adware, spyware, and Trojan horses.
2. Password Attacks
When a hacker learns your password(s), they gain access to all your information. Hackers can get an unknowing user’s password in several ways, including “brute force attacks” during which specially designed programs generate and try every possible combination of letters, symbols, and numbers. Using a 10-character password of upper and lowercase letters can slow down these programs, since it can take more than 100 years to land on the right one, so consider using longer, more complex passwords.
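The password standards listed under mistake 1 and the brute-force estimate above can be checked together. The script below is an added example, not part of the original article: it audits a set of accounts for short passwords, missing character types, and reuse across platforms, and estimates how long an exhaustive search would take. The account names, passwords, and the guess rate of 10 million per second are constructed assumptions; real guess rates vary widely.

```python
import string
from collections import defaultdict

MIN_LENGTH = 8                    # article: fewer than eight characters is weak
GUESSES_PER_SECOND = 10_000_000   # assumed attacker speed, not from the article
SECONDS_PER_YEAR = 365 * 24 * 3600

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def weaknesses(password):
    """Return the content-related weaknesses found in one password."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            found.append(f"no {name}")
    return found

def audit(accounts):
    """Map each platform to its weaknesses, including reuse on other platforms."""
    report = {platform: weaknesses(pw) for platform, pw in accounts.items()}
    by_password = defaultdict(list)
    for platform, pw in accounts.items():
        by_password[pw].append(platform)
    for platforms in by_password.values():
        for p in platforms:
            others = sorted(x for x in platforms if x != p)
            if others:
                report[p].append("reused on " + ", ".join(others))
    return report

def years_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every password of exactly this length."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "Summer24",
    "payroll": "Summer24",
    "pos-terminal": "admin",
    "bank": "t7#Lq!92vXbe",
}

if __name__ == "__main__":
    for platform, issues in audit(SAMPLE_ACCOUNTS).items():
        print(f"{platform}: {'; '.join(issues) or 'ok'}")
    print(f"10 mixed-case letters: {years_to_exhaust(52, 10):.0f} years")
```

The estimate scales linearly with the assumed guess rate, so a faster attacker shortens it proportionally, while each added character multiplies the search space by the alphabet size.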
3. Phishing
Hackers use this technique to trick people into willingly handing over their information, from passwords, to credit card numbers, to Social Security numbers. Typically, hackers pose as a reputable source via email or text, asking their victim to follow a link and, for a seemingly important reason, provide key information.
In fact, Gmail blocks more than 100 million phishing emails a day. And recently, Google has blocked more than 18 million daily malware and phishing emails related to COVID-19. On top of this, it’s also important to remember that phishing scams aren’t always digital. They can also be over the phone.
4. Pharming
While pharming, hackers compromise the naming system in a server so they can make users think they’re accessing legitimate sites when they’re actually being redirected to fraudulent ones. Once on the fraudulent site, users are prompted to provide sensitive data such as credit card information or Social Security numbers.
The common types of cyber attacks that are perpetrated against small businesses include point-of-sale hacks and drive-by-downloads, plus exposure to risks you haven’t even thought of yet. You can help protect yourself, your employees, and your business by downloading our eBook How to Safeguard Your Business from Data Breaches.
In it, you’ll learn more about the special cybersecurity risks for small business owners, and you’ll also read about additional common security mistakes businesses make. Finally, you can learn best practices for preventing data breaches—including developing effective security policies and employee training programs—along with what happens during and after a business data breach, and how to handle the fallout.
Thank you for sharing these invaluable insights on the essentials of a business security system. As a small business owner, this article has been a game-changer for me. Understanding the top security risks and learning how to mitigate them with a comprehensive security system is paramount. Your detailed breakdown of the essentials provides a clear roadmap for enhancing our business security. I appreciate the practical tips and guidance – it’s a must-read for any entrepreneur aiming to fortify their business against potential threats. Kudos for shedding light on such a critical aspect of business management! 👏🔒
You’re welcome, we’re glad you liked it!
Glad you look out for these things.
We’re happy to help! Thanks for commenting, Thomas!
I don’t think that either link for the e-book is working, or maybe I have a problem with my browser? Just letting someone know about this – thanks.
Hi Maggie! We suggest using Google Chrome to open the ebook. Thank you!
One machine at the factory required a username and password to get into it to run it. Just for kicks and giggles, I decided to see what would happen if I hit ENTER, ENTER. Guess what? It let me in with supervisor privileges. I immediately reported the malfunction to a supervisor, and it took the company and supplier two weeks to figure out the problem. The document listing the passwords had a blank line at the top. They started on the second line. The first line consisted of null, and the “password” I typed in matched it.
Great article
Thank you for the comment!