Small businesses need mighty shields to combat big threats
SMBs' data, often more susceptible to hackers, requires greater cyber protection
By Brian Huntley, Special to ThirdCertainty
Cyber criminals’ focus has shifted from Corporate America to Main Street, where smaller businesses that handle credit card transactions and confidential information often are more vulnerable because they’re less prepared.
Thieves are quick to learn that small businesses detect intrusions or breaches at a slower pace, often months or years after the initial point of exposure, making them an attractive target.
A National Small Business Association report says that by the end of 2014, “half of small businesses reported having been the victim of a cyber attack (up from 44 percent in 2013). Of those, 61 percent say an attack had occurred within the last year.”
Small and midsize businesses (SMBs) are more susceptible because they usually lack the technical and financial resources to protect data. They often have little understanding of the type and volume of information in their systems, or what is shared with third parties such as payroll-service providers and employee benefits providers. They also may lack strong leadership expertise in data-privacy risk management.
SMBs also are at risk of being breached through insider theft or a third-party breach, such as through a partner vendor or a service provider. A Ponemon Institute study found that SMBs have a higher risk of employees mismanaging data than big companies, raising their risk of a data breach.
Small businesses’ access to resources such as cloud-based services has increased their access to, storage of and manipulation of data, and provides access to a more targeted customer base and greater market opportunities. But it also comes with potential downsides.
Is there a threshold in terms of number of accounts or amount of accessible data when SMBs become more susceptible to a hack? Not really. Whether a business has 50 accounts or 500,000 accounts, if it’s not aware of what data it has, and doesn’t understand privacy laws and regulations that govern data’s security, it’s probably not properly protecting the data, and is more susceptible to a breach.
The more data stored and used by employees, the greater likelihood of that data being exposed. SMBs should routinely ask how long they should keep data, how it’s being protected, why they need that data, and when they should delete it.
Don’t overlook paper files; not all breaches are technical. Forgetting to shred a document or leaving medical or account information visible can lead to the risk of insider data breaches, through malice or carelessness.