Small Businesses Face As Much Risk for Data Breaches
If you have a bank account or a credit card, chances are you’ve been made aware of a hack or a data breach. Many think that big organizations are more frequently being breached, forcing them to run damage control for the often millions of customers affected. News coverage often bashes these big organizations, but what about smaller ones? The truth is, smaller businesses are breached just as often, with the consequences being just as severe. According to the 2018 Verizon Data Breach Investigations report, 58% of malware attack victims are small businesses. And the Ponemon Institute finds that cyber attacks against small businesses continue to increase, with 61% of SMBs effected in 2017.
Does Your Business Really Have to Worry About Data Breaches?
When the news reports a data breach or large-scale cyberattack, the event in question is usually one that has targeted an astronomical number of people, or has created difficulties that are undeniably newsworthy. How often has the national news reported a breach in one of your local Mom and Pop shops, as compared to entities like Equifax or Capital One?
Obviously, it makes sense that these small-scale attacks don’t often hit the national news cycle… after all, the Equifax breach compromised the data of 40 percent of Americans. However, in the month of July 2019 alone, there were approximately 2.2 billion records leaked over an assortment of 27 different cyberattacks. That’s about a quarter of the world’s population – not accounting for overlap between the information accessed.
Now, you may be wondering, how do these major breaches influence your business? Well, consider how many employees (out of a total of 49,000) Capital One has dedicated to its cybersecurity and data theft prevention? While I don’t have the official number to give you, it’s a pretty safe bet that it’s more than the average small business in Cleveland, Ohio.
Why Small Businesses are Vulnerable
As a result, a cybercriminal generally finds it much easier to access a small business’ network, and while the gains to be had are significantly smaller than they would be to hack into a global enterprise, many cybercriminals prefer to take the “larger amounts of smaller payouts” than the “more challenging single payout” option.
It’s no wonder, either…nearly 40 percent of small businesses ultimately pay up when faced with ransomware (much to the FBI’s dismay), and a single person’s personal information can be sold on the Dark Web for anywhere from $1 to a thousand times that… all depending on how much of their data was stolen. How many records like this do you keep on your customers and employees? It doesn’t take very many to make it worthwhile for a cybercriminal to steal them.
Many Attacks are Random
Chances are, if you were to be targeted right now by some kind of online threat, it would probably be more due to bad luck than it would be due to a concerted effort against you, specifically. Many of today’s biggest cyberthreats are the ones that can spread independently – things like phishing, malware, and trojans. Once a system is infected, the threat can spread via a network connection or an email.
While these threats have largely become obscured by the more newsworthy breaches, they are no less dangerous to a business.
How Can My Organization Protect Itself without an Enterprise Budget?
Smaller organizations do have one considerable advantage over large enterprises, like the 49,000-employee Capital One: fewer employees means fewer points of entry for a cyberthreat. You need to be sure that each employee, each piece of technology, every access method, and too many other factors to list here are all properly secured. For a small business (fewer employees, and less technology) this a much more manageable goal.
How to Secure a Small Business
● Deploy the basics: protect your organization with centralized endpoint protection, keep an updated firewall, maintain content filtering and intrusion detection solutions, use email protection (aka a spam blocker), and keep everything patched and updated.
● Comprehensive monitoring: this helps to catch issues early before they become major problems.
● Employee training: educating and evaluating you team will help prepare them for dealing with real threats they encounter.
● Compliance audits: based on the industry you operate in and the data you retain, you need to be sure you are abiding by established security standards.
● Data access requirements: enforcing things like Bring Your Own Device policies and password guidelines will help keep company data secure.
● Backup and disaster recovery: in the case of a data disaster, you will want to be able to restore your business’ data from a backup and continue operations. All providers offer to backup your data. The key question to ask, though, is how quickly can they recover it.
While this isn’t a one-size fits all list, a business of any size should use these practices as at least a starting point for their IT security. If you want more help in keeping your business secure, reach out to Ashton Technology Solutions. An IT security audit and the right solutions are just a call to 216 397-4080 away.