Hackers want your data.
They don’t care how many employees you have, how much money you make or how much good you do in the world. If you have valuable data, they want it.
You’ve heard about the big data breaches: Target. Home Depot. Sony. Equifax. I could go on. A company is breached. Data is stolen. Millions are affected. Everyone is shocked. It happens over and over again.
What about the smaller data breaches you haven’t heard of? When a large business is the target, the event is highly publicized, but that’s not true for small business data breaches. So are they as vulnerable?
The answer is yes. A small business is an exceptionally vulnerable mark for a cyber-attack, even though you don’t hear as much about them on the news.
Here is a harsh, but true, reality: When a breach happens to your small business, the consequences could close your doors.
Read on to learn more about the danger, the risks and three weaknesses that made one small business so easy to hack.
60% Will Close Within Six Months
Many small businesses don’t think anyone is going to hack them. This thinking is a shiny, shimmering beacon to hackers looking for easy targets.
Unfortunately, my conversations with many small businesses start with a common concern:
“We can’t afford to secure our networks. We’re just a small business.”
Many support this budgetary concern with the conclusion that they’re too small to be a data breach target, but small businesses are the victims of 43% of all data breaches. Furthermore, it’s been reported that 60% of small businesses who are victims of a cyber-attack will close their doors within six months.
What Do You Stand to Lose?
Let’s say you’re in the 40% of small businesses that manage to stay open after a cyber-attack. Maybe you’re a bakery, an architectural firm or a nonprofit. You have one employee, or six, or even 300.
You do your best to secure your network and ensure your security measures are working. What happens if, despite your best efforts, your network is jeopardized?
Your business could be at stake. Think of what you have to lose:
Exactly what type of data will vary depending on your business, but this can include:
- Customer data (email addresses, credit card information, passwords)
- Employee records (date of birth, social security numbers, bank account numbers, home addresses)
- Confidential company information (financial data and analysis or files and emails containing product or company initiatives)
Reputation & Trust
Once your reputation is harmed, it's tough to repair. Think about your relationships with other vendors and your appeals to gain new customers. When your reputation is compromised, these relationships will waver.
What does a data breach do to the trust of your current customers? They trust you with their data, and a breach can make them question their existing partnership with you. It can even cause them to leave your organization.
Your employees are what makes your company great. A data breach can compromise their confidence in their own employment. It can also set them back on projects, either because your systems are down, or because you need employees to focus their efforts on damage control.
Assuming your incident is made public, it's likely that one or more top officials will be asked to resign. Any of these morale-busting scenarios will add stress to your workforce.
This one should be obvious. With a poor reputation, lost trust and sinking morale, your bottom line is bound to suffer. The average data breach costs about $4 million, with each lost record valued at $158. The number of records, and therefore overall cost, can be less for a small business, but would the loss be survivable for your business?
Consider that every minute 3,654 records around the world are stolen. For a small business, on average the cost to secure a system after a data breach is just shy of $700,000.
Three Weaknesses That Make You an Easy Target
I’m working with a new client now, a small business with fewer than 10 employees. Employees arrived at work one day to find their computers had been hacked and turned into spambots. Their network was sending unsolicited messages (spam) to the company’s email distribution lists, including all their customers. This is just one example of a small business being vulnerable to an attack.
Hackers didn’t choose to attack this specific business, but they did look at any and all unsecured networks. They looked for an easy hack.
This business had three points of weakness that made them susceptible:
Low or Non-Existent IT Security
This was a textbook example of a business that didn’t think they would ever be hacked. They simply didn’t have security in place. No firewall, weak passwords and no system monitoring to detect breaches.
At first, the staff only noticed a slow network. Simply opening the Google homepage took over a minute. They were annoyed, but didn’t know they had fallen victim to a malware attack.
While they noticed a sign of the breach, no one knew to report a bigger problem. They only realized their systems were compromised when their IP provider put them on a blacklist, so they could no longer send emails to their own customers.
Overwhelmed, Unprepared or Non-Existent IT Staff
The specific business I’m working with does not have an IT staff. They are a nonprofit that relied heavily on volunteers to fix issues. Other small businesses may have an IT department that is stretched thin or may not have the industry knowledge needed to secure and respond to vulnerabilities in the system.
Once this business managed to clean up the malware and got removed from the blacklist (a long, painful process), about six months passed before they were attacked again, and they had to start all over.
They were still vulnerable. Only after being attacked several times were they ready for a long-term solution.
You Can Prevent Cyber-Attacks
If you think about it, hackers have an easy street. All they have to do is find one vulnerability to get into your system. You, on the other hand, have to safeguard against every possible weakness.
But you can still prevent attacks by putting the right IT security in place, training your users to guard against threats and applying IT oversight to make sure your systems aren't compromised.
Are you doing everything you can to protect your clients’ data?
Read Next: Ten Reasons You Need an S2Score
Ray is an IT account executive with nearly 25 years of experience making IT work for companies of all sizes. He has spent the last 5+ years working primarily in the banking, finance and church markets. Ray understands the challenges of these industries and the impact of today’s compliance and security pressures. In his free time, Ray enjoys coaching soccer and reading.