If there’s one thing that most small businesses have in common, it’s a limited budget to invest in infrastructure. Yet failing to devote any resources to securing your technology can put the company itself at risk. Understanding the specific ways that small businesses are vulnerable to cybercrime — and how these dangers can be combatted even on smaller budgets — can make the difference in whether or not the company can survive attempted cybercrime.
How does small business cybercrime affect individuals?
Small businesses generally keep digital information on customer transactions and for employee records. Both of these databases are vulnerable to small business hacking. Cybercriminals are typically interested in access to bank accounts and credit card information, to drain those accounts. But they may also use social security numbers, physical addresses, and even medical insurance and employee benefit plan information to attempt more elaborate identify theft fraud.
How does cybercrime affect small businesses?
Exactly how hard a small business will be hit by a data breach depends not just on the extent of the episode, but on state laws which dictate how a company must respond to the incident. A study conducted by the Ponemon Institute estimated that, for every breached record, the small business employer was forced to pay up to $200 in the recovery process. This per-record cost takes into account the investigation, notifying the affected parties, paying for any litigation or liability, and the cost involved in stemming the breach.
Small business cybercrime can also damage the store or office’s reputation with its business partners. Hackers are often looking for ways to gain access to more heavily-protected information from larger corporations. Potentially, a small business that contracts with larger companies can offer a “backdoor” to those entities. Should that illegal access happen, the larger company is likely to recover from the breach — but also be reluctant to do more business with the small business that failed to protect the information.
Why should small businesses be especially concerned?
Small businesses are both more vulnerable to cybercrime incidents, and more likely to be disproportionately impacted by a single incident. In fact, an alarming 66 percent of small business will go out of business less than a year after a “significant” breach, analysts have discovered.
Why? That high per-breached-record cost is one key reason. Perhaps even more importantly, customers have less confidence in a small business’ ability to protect them from future incidents than they would be following notification of an incident from a major national chain.
And customers have good reason for this waning confidence. They understand that major companies have the resources to both protect themselves from phishing expeditions, and to recover from the breaches that do happen. Small businesses simply don’t have the financial or employee resources to devote to installing elaborate security systems that flag potential small business hacking attempts.
What are the leading causes of data breaches?
Surprisingly, only about one-third of small business data breaches came about through deliberate cybercrime, according to a recent study. The other two-thirds were almost equally divided between human error and technology glitches. Of course, these initially non-deliberate breaches are still causes for concern. Although hackers may not be the ones to “knock the door down” in the case of accidental breaches, they’re certainly on the lookout for these vulnerabilities to take advantage of the valuable data.
What can small businesses on a limited budget do to protect data?
Because two-thirds of data breaches come from human error and system glitches, small businesses have an opportunity to tighten these up, even on a limited budget. In fact, there are several budget-friendly ways small businesses can begin tightening up their data:
Consider the cloud. Perhaps because of high-profile celebrity hacking cases, many business managers are hesitant about storing data in “the cloud.” Yet these off-site storage systems are actually much safer options, especially for small businesses. Industry analysts warn that most cybercrimes or data breach scares came about because of printed material that was misplaced, or devices that were lost or stolen. Ensuring that important information can’t be found directly on employee devices or through discarded paper records is the first step toward keeping would-be cybercriminals at bay.
Designate an employee to do a quarterly data audit. Given the hectic nature of running a small business, it’s not unusual for department heads to lose track of where they’re actually storing the data. Have one or two team members regularly ensure that all of the information is being stored where it should be — and move it when it’s not. It’s also a smart idea for all relevant parties to receive an audit report on any ongoing mistakes that are happening.
Schedule regular training sessions. Company-wide meetings can be hard to organize for small businesses. Yet it’s crucial that every staff member know the mistakes and scams that various departments are vulnerable to. Whether it’s a restaurant’s credit card scanner or a payroll manager’s email inbox, different systems are vulnerable to different kinds of both deliberate and inadvertent breaches. Whether you arrange for company-wide seminars or separate department meetings, make sure to regularly train all employees on the latest vulnerabilities happening to your industry — and how to prevent them.
Inventory all network devices. As more employees bring their work home with them, the greater the number of privately-owned devices that interact with your network. It’s important to keep track of all of these tablets, laptops, and cell phones to install a mobile device monitoring tool. This will help authorize these devices, and keep them — and the business — better-protected.