If a big company like Target or Neiman Marcus can suffer a Data Security Breach, it can certainly happen to your small company. In fact, it’s probably more likely to happen. And though no business, big or small, is ever guaranteed to be completely protected from a data security breach, if a company does not take the proper proactive security steps, it will almost definitely happen.
After millions of shoppers fell victim to massive data breaches at Target and Neiman Marcus, investigations revealed that the mastermind behind the malware used in the attacks was a 17-year-old boy. For reference, malware is destructive computer software that interferes with normal computer functions, or sends personal data about users to unauthorized parties over the Internet. That is exactly what happened in these two breaches. Investigators have revealed that the teen allegedly created the malware last March, and started selling it to an unreported number of cyberhackers in Eastern Europe. The teen is from the Ukraine, and authorities believe the malware leveraged in these breaches was used by hackers in Russia. Up to 110 million Target shoppers had much of their personal information like credit card numbers, PINs, and even personal addresses compromised because of the breach. Can you imagine how your customers would react if they were victimized like this because of a network security breach at your company?
Companies, regardless of size, rely on critical business data to succeed and flourish. Based on a recent study, more than 78% of organizations have suffered from at least one data breach over the past two years. Your company may face considerable financial liabilities if it loses sensitive data. Even worse is the damage to your reputation, especially since most consumers say they would entirely stop dealing with an organization in the event of a security breach. Even small businesses with antivirus solutions in place are prime cybercrime targets.
Three surprising ways that small companies are more likely to suffer a worse data breach:
- Small business data breaches are more likely to go unnoticed. Target's data breach was first spotted by tech journalists and security firms who noticed that hackers were trying to sell a large amount of stolen data on underground websites. The massive amount of stolen credit card information alerted journalists that something was going on. However, when a small business is hacked, it will most likely go unnoticed by these watchdog groups. Hackers will glean less information, and so no one hack will lead to noticeable changes in data black markets.
- Media attention protects large businesses, but not small ones. Hackers often wait to use stolen data from data breaches at large companies, but they might not be so shy with small business breaches. When a company like Target is hacked, rather than going on a spending spree, identity thieves delay using stolen credit cards until the fuss dies down and consumers and credit monitoring services stop watching their accounts so closely. Small businesses are more likely to be hit immediately and harder with identity theft because hackers know there isn't the same scrutiny.
- Small businesses are underinsured. Many large businesses have Cyber Liability Insurance, which covers them when they are hacked. This policy pays for the credit monitoring services that are currently protecting Target's customers. By contrast, small business owners very rarely are carrying this type of coverage.
Three Myths and Facts the Small Business Owner should be aware of:
MYTH #1: My business is too small to be a target.
FACT: Size does not matter. Believing you are not susceptible to a breach, combined with the vast amount of data your business holds, potential employee negligence, and a lack of a dedicated IT staff makes your business a prime target for attackers. In fact, the majority of small businesses agree they can’t do enough to protect their data using the measures and technologies they currently have in place.
Cyber criminals do not discriminate. As long as they can gain profit and find anything lucrative to exploit, they will. Understanding the threats your business faces, their potential impact, and the regulations you need to follow is really the least any business owner should be doing.
MYTH #2: The antivirus I have is good enough.
FACT: Traditional antivirus software is not a cure-all. An advanced persistent cyber threat can manage to stay undetected in a network or system for a long period while progressing toward its goal—usually to steal data. An advanced persistent cyber threat’s ability to bypass blacklisting allows it to move within the network without detection and steal corporate passwords in order to gain access to other systems.
Since attackers consider small businesses prime targets, relying on traditional security technologies can also put you at risk for a customized malware attack in which hackers identify their victims and purposefully infect the user's computer to steal data. Customized malware attacks account for most data breaches and the chances of a data breach are higher when businesses believe that their traditional antivirus is enough to protect their assets, particularly against customized attacks.
MYTH #3: I can trust my employees and don’t have to worry about enforcing data security policies.
FACT: A company’s greatest asset—its employees—can also be its weakest link. The top reasons cited for data loss were employees’ tendency to open attachments or click links embedded in spam, to leave their systems unattended, to change their passwords too infrequently, and to visit restricted sites. This negligence puts critical business data at risk from data-stealing cybercriminals and malicious insiders. Research shows that 56% of employees frequently store sensitive data on their laptops, smartphones, tablets, and other mobile devices. This means there is more than a 50% chance that confidential information can land in the wrong hands should they lose these devices.
What you can do about it:
Start with these IT security best practices:
• Secure, encrypt, and password protect sensitive customer and employee data.
• Set rules for your employees; don’t let Social Networking compromise your data.
• Dispose of sensitive documents completely and securely.
• Limit access to sensitive data.
• Ensure that all software and systems are updated as needed.
• Put up firewalls to block hackers.
• Establish secure remote access protocol.
The bottom line:
Patch the holes in your organization’s walls. Identify which information is critical, who could and should be able to access it, then investigate the best ways to protect it with the aid of a trusted IT advisor or your Managed Service Provider. Like holes or cracks in walls, areas where your company data is most vulnerable can cause your security perimeter to crumble. ANP is offering a free IT Webinar for business owners this month regarding how to secure your company data. Register by clicking on the button below: