Statistics don’t lie: Cyber criminals are shifting their focus to small businesses. As Small Business Trends reports, 43 percent of cyber attacks target small businesses, and only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective. Cyber criminals find the low-hanging fruit to be easy pickings and less work. It goes without saying that the risks for mom-and-pop shops are too great not to pay attention to this issue. Have you thought about cybersecurity for your business lately?
More to Lose
Conventional wisdom might tell you that you have nothing to worry about—your little shop doesn’t have anything valuable to a hacker, right? You’d be surprised. With identity theft on the rise, and the sale of victims’ financial information on the dark web, small businesses are actually a prime target for hackers right now. And these small cybertheft incidents may come well under the radar of government investigators.
The truth is that successful attacks on your IT systems, especially those where sensitive data is stored, can totally wipe out your business; the reputation hit and legal costs are often too much to weather. According to statistics provided by the National Cyber Security Alliance (NCSA), 60% of small- and medium-sized businesses (SMBs) go out of business within six months of a cyber attack. But the funny thing is, according to NCSA’s stats, 51% of small businesses are not allocating any of their budget at all to the mitigation of cybercrimes. That’s a problem.
An Unsecured Environment
In their 2019 Identity Breach Report, data gatherer 4iQ cited a 424% increase in authentic and new identity breaches from 2017 to 2018. They claim that number is due to a shift in focus on small businesses. Perhaps it’s because cyber criminals have discovered how small businesses are lacking in the cybersecurity protections that larger companies take for granted.
Basic security practices are often neglected by companies who are too involved in running their business to make sufficient effort to protect it. But none of that matters if a major breach destroys your livelihood. Simple things like keeping your machines up-to-date, using strong passwords, and enforcing multi-factor authentication can make a huge difference.
These days, most people wouldn’t leave their house or car without locking it up tight, so as to not expose them to criminals in the area. So why would you leave your IT environment unguarded, potentially exposed to the whole world? Proactively dealing with the vulnerabilities in your network now can prevent the significant loss and heartache of dealing with a breach of your confidential data.
An Inviting Target
Aside from the fact that so many small businesses are not well protected, a small business owner might wonder, “What is there to steal?” An entertaining video from the Florida SBDC Network, “Cybersecurity: Small Business, Big Threat”, dramatizes the plight of a man with a dog grooming business who had been hacked. Why were they hacked? Information.
Information is money in today’s economy. Like many businesses, the dog groomer maintained a database of customers. Along with all their contact information, the hacker retained their credit and debit card information as well. How much is information like that worth? The credit reporting agency Experian says you may be surprised. Here’s a graphic with a rundown:
What You Can Do
The first thing you need to do is take an assessment of your current IT security defenses. Consider starting with the Critical Security Controls or NIST CSF. Do you have a good firewall? An intrusion detection system? A strong anti-malware program? Where are you vulnerable? (It’s okay to ask “what do these words mean?!” if they aren’t familiar.)
You should also place a strong emphasis on training. Make sure that all the company owners and managers know about IT security practices, and schedule training for all employees. Even those who are not online all day—like janitors and security guards—are subject to the tricks of social engineering by a clever hacker who shows up at your door.
Here’s another noteworthy stat from NCSA: Only 22% of small and medium-sized businesses had security training of any kind for employees in 2016. Of all the things your employees need to know, IT security is at the top of the list. Without it, you could lose everything. AaDya can help you assess your current security efforts, train your employees, and create your security posture.
Counting the Cost
It’s clear that all these security measures cost money. But you need to weigh that against the potential costs of a security breach. As payment processing company WorldPay points out, these costs extend far beyond the breach itself—small business owners must consider the financial repercussions of the below steps when recovering from a security breach:
- Customer notification costs
- Forensic investigations
- Industry fines and penalties
- Card replacement, credit monitoring, and identity theft repair
- Upgrade or replacement of POS system
- Additional security monitoring
But the costs to your reputation may be the most valuable. “When customers patronize a business, they trust that their sensitive payment information will be kept safe and secure,” explains the publication “Businesses that are victims of a data breach risk damaging the trust they’ve built with their customers.” That alone could be the end of any business trying to make a name in this world.
The real issue here may be the lack of awareness among some businesses owners regarding cybersecurity—some business owners don’t feel any risk at all. As the small business information source Manta reports, “When asked if they felt their business was at risk of experiencing a data breach, an overwhelming 87% of small business owners said they do not feel at risk.” On the contrary, the risk of cyber attack for small businesses is real—and growing. Every small business owner should recognize the importance of cybersecurity now, and proactively take appropriate steps to protect their employees, customers, and sensitive information.
Ready to start taking cybersecurity and IT seriously at your small business? AaDya can help! Email firstname.lastname@example.org to speak to an AaDya team member today.