Why hackers love small businesses


Small businesses are a “sweet spot” for hackers. They have far more valuable data than an individual and, typically, far fewer security measures in place than large organizations.

The latest findings on data breaches confirm the appeal of small businesses:

  • According to the 2017 Verizon Data Breach Investigations Report, 61 per cent of breaches hit smaller businesses last year, up from the previous year’s 53 per cent.
  • Symantec research found that 43 per cent of cyber attacks are directed at small businesses.
  • The National Cyber Security Alliance found that 60 per cent of small companies are unable to sustain their businesses more than six months after a cyber attack.

Perception is part of the equation, too. Even if you’re paying careful attention to data security, the perception that you aren’t is driving hackers’ interest.

The data you have matters

Another recent survey found that while 58 per cent of small businesses are concerned about cyber attacks, 51 per cent are not allocating any budget to risk mitigation. The reason? Many small businesses don’t believe they store valuable data.

The opposite is true. Of course, if you’re in retail, you know the value of credit card information. But if you store email addresses, phone numbers, addresses, and similar personally identifiable information (PII), you are also at risk because this data can be exploited by hackers to gain access to your customers’ accounts.

The same is true if you store protected health information (PHI), as it can also be used to compromise accounts. And don’t forget about the intellectual property, business plans and other similar data you store, which could cause significant harm if it falls into the wrong hands.

Make your business a less-attractive target

Here are a few tips to make your business a bit less loveable to hackers:

Allocate the budget. Invest in personnel to protect against data breaches. If hiring isn’t feasible, consider managed service providers or third-party cloud solutions to help meet your data security needs. Do your homework first by talking to references, reviewing analyst reports, and researching online. Evaluate the purchase of cyber insurance as well.

Train employees to identify risk. Can your employees identify an email phishing or spear-phishing scam? Do they know how to create secure passwords? Do they know which data is sensitive and how to properly store and access this data? In many cases, data breaches start with a negligent employee. Invest time and budget to ensure your team is security-aware. Email phishing simulations are a relatively easy way to test awareness and remediate where needed.

Cover the technical basics. A robust backup and restore plan, encryption of sensitive data, and regular updates to software applications and virus protection are mandatory.

Monitor for threats. Employee monitoring software works by actively listening for suspicious or anomalous behavior around your sensitive data. Real-time alerts can help stop a breach attempt before it gets very far.

Create a breach response plan. Assume it’s a matter of when, not if, you suffer a data breach. Document the steps you will take to fix the breach, notify customers or partners who are impacted, and recover from monetary damage.

Warding off hackers does require an investment of time and budget, but the impact on your business will be far less than that of dealing with the effects of a breach.

Isaac Kohen, Founder and CEO, Teramind