Why Cybersecurity Needs to Matter to Small Businesses

Most small- to medium-sized business owners generally are not focused on cyber and data security, because they don’t believe they are vulnerable to cyber attacks. Most of them think, “we’re small, not a target like Sony Pictures, Target, Anthem, etc. No hackers would be interested in a company as small as we are.” However, the reality is, small- and medium-sized businesses are just as vulnerable to attacks from hackers as are large companies and government agencies.

According to Symantec’s Internet Security 2014 Threat Report: Targeted attacks aimed at small businesses (1-250 employees) in 2013 accounted for 30% of attacks. And, research shows that the proportion of attacks at organizations of this size is increasing. Looking at businesses with 1-500 employees, they accounted for 41% of all attacks in 2013, compared with 36% in 2012. Of those businesses that are breached, about 60% go out of business within six months of an attack.

A data breach can have many negative consequences for a small-sized business, including:

• Loss of important data
• Harm to reputation/loss of customers and future business opportunities
• Termination of or exclusion from government contracts
• Fines and other civil liability
• Lots of time and money to fix the problem

Why Would Hackers Be Interested in Smaller Businesses?

It’s often much easier for cyber criminals to go after small businesses. For a variety of reasons, small businesses have less sophisticated data security in place than larger companies. They can swoop in steal money and be gone quickly.

Additionally, gaining access to a smaller company’s data may be useful for criminals to hack into a larger company that they are doing business with. The smaller business may have access to IT systems or login credentials of larger clients. An example of this is the Target data breach in which network credentials for the HVAC system were stolen from a third-party vendor and were used to access the company’s electronic data, resulting in one of the largest data breaches to date.

80% of Data Security Threats Come from the Inside

According to the National Institute of Standards and Technology, 80% of security problems come from internal sources. So while there is a need to be vigilant about external threats. As we discussed in The Insider Threat: Your Trusted Employees Could Cause a Major Data Breach, internal threats from employees can be intentional or unintentional. Breaches can often be caused by non-business use of business equipment, which can allow threats in. Additionally, disgruntled employees can pose a serious risk to a company’s data security.

Data security today needs to be an ongoing aspect of daily business operations for all businesses regardless of their size, which includes implementing appropriate security software, developing data security policies and procedures, training employees how to handle sensitive company data on all devices, and employing IT asset management and deployment procedures, to ensure that they’re at as little risk as possible.