Small businesses need mighty shields to combat big threats

SMBs' data, often more susceptible to hackers, requires greater cyber protection

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Cyber crim­i­nals’ focus has shift­ed from Cor­po­rate Amer­i­ca to Main Street, where small­er busi­ness­es that han­dle cred­it card trans­ac­tions and con­fi­den­tial infor­ma­tion often are more vul­ner­a­ble because they’re less prepared.

Ed note_Brian HuntleyThieves are quick to learn that small busi­ness­es detect intru­sions or breach­es at a slow­er pace, often months or years after the ini­tial point of expo­sure, mak­ing them an attrac­tive target.

A Nation­al Small Busi­ness Asso­ci­a­tion report says that by the end of 2014, “half of small busi­ness­es report­ed hav­ing been the vic­tim of a cyber attack (up from 44 per­cent in 2013). Of those, 61 per­cent say an attack had occurred with­in the last year.”

Small and mid­size busi­ness­es (SMBs) are more sus­cep­ti­ble because they usu­al­ly lack the tech­ni­cal and finan­cial resources to pro­tect data. They often have lit­tle under­stand­ing of the type and vol­ume of infor­ma­tion in their sys­tems, or what is shared with third par­ties such as pay­roll-ser­vice providers and employ­ee ben­e­fits providers. They also may lack strong lead­er­ship exper­tise in data-pri­va­cy risk management.

SMBs also are at risk of being breached in a case of insid­er theft or by a third-par­ty breach, such as through a part­ner ven­dor or a ser­vice provider. A Ponemon Insti­tute study found that SMBs have a high­er risk of employ­ees mis­man­ag­ing data than big com­pa­nies, rais­ing their risks of a data breach.

More: SMBs should start with sim­ple solu­tions to man­age secu­ri­ty risks

Small busi­ness­es’ access to such resources as cloud-based ser­vices have increased access to, stor­age of and manip­u­la­tion of data and pro­vides access to a more tar­get­ed cus­tomer base and greater mar­ket oppor­tu­ni­ties. But it also comes with poten­tial downsides.

sh_SMB_280Is there a thresh­old in terms of num­ber of accounts or amount of acces­si­ble data when SMBs become more sus­cep­ti­ble to a hack? Not real­ly. Whether a busi­ness has 50 accounts or 500,000 accounts, if it’s not aware of what data it has, and doesn’t under­stand pri­va­cy laws and reg­u­la­tions that gov­ern data’s secu­ri­ty, it’s prob­a­bly not prop­er­ly pro­tect­ing the data, and is more sus­cep­ti­ble to a breach.

The more data stored and used by employ­ees, the greater like­li­hood of that data being exposed. SMBs should rou­tine­ly ask how long they should keep data, how it’s being pro­tect­ed, why they need that data, and when they should delete it.

Don’t over­look paper files; not all breach­es are tech­ni­cal. For­get­ting to shred a doc­u­ment or leav­ing med­ical or account infor­ma­tion vis­i­ble can lead to the risk of insid­er data breach­es, through mal­ice or carelessness.

More on cyber­se­cu­ri­ty for SMBs:
Man­aged secu­ri­ty ser­vices help SMBs take aim at secu­ri­ty threats
To man­age antivirus solu­tions, SMBs need a secu­ri­ty mind-set

Cyber lia­bil­i­ty insur­ance for SMBs debated