Your Small Business WILL Get Hacked: Why You Should Care and How to Prevent It
When it comes to data protection, an ounce of prevention is worth a pound of cure. Here’s why your small business should take a proactive approach to data security.
Fact: Small Businesses Are Particularly Vulnerable to Data Security Attacks
Many business owners don’t realize it, but hackers tend to target small businesses over larger ones. Typically, smaller businesses have fewer data security measures in place, which makes them easier to infiltrate. Plus, small businesses are often ill-equipped to identify threats, so hackers can do significant damage before being detected. Sometimes, hackers attack a small business to gain access to more valuable data held by its partners and vendors. Cyber criminals may also hack small businesses to develop the skills and experience necessary to attack mid- to large-sized businesses.
Fact: Most Small Businesses Don’t Recover From a Data Security Attack
A data security breach can have a more significant impact on a small business than a large enterprise. That’s because most small businesses don’t have the capital, technical talent, or other resources to respond to and overcome a data security breach. In fact, 60 percent of small businesses that experience a data security attack close within six months.
Equally alarming is the fact that the cost of a small-business security breach appears to be increasing. The National Small Business Association reports that in 2013, the average cyber attack cost a small business $8,699. In 2014, that figure increased to $20,752. Additionally, according to Frontier Small Business Experts, data attacks cost an average of $154 per lost or stolen record this year, which is an increase of six percent over 2014.
Small businesses that manage to survive a data security breach have a hard time winning back customers. Unlike large enterprises, small businesses don’t have the resources to launch a savvy marketing campaign to rebuild their brand and regain customer trust. Additionally, data security breaches are often accompanied by lawsuits and government fines, which small businesses can’t afford to pay or fight like many large organizations can.
Fact: You Can Take Steps to Help Protect Your Small Business from a Data Breach
As a small-business owner, you want to do everything in your power to help your business succeed. Now that you know how difficult it can be for a small business to recover from a security breach, take the necessary steps to protect your business from being the victim of a breach in the first place.
- Use the Workplace Security Risk Calculator sponsored by the National Cyber Security Alliance to assess your organization’s vulnerability to a data attack. For additional insights, consider hiring a security expert to audit your systems and provide recommendations for increasing data security.
- Establish a written data security policy and communicate it to employees. Use a template to help ensure your policy covers the fundamentals of data security and make modifications as necessary. You can also create a custom plan using the Federal Communications Commission’s Small Biz Cyber Planner.
- Stay in compliance with applicable laws. If your small business collects personally identifiable information (PII), such as social security numbers, birth dates, or any data that may identify a specific individual, there are compliance laws by which you must abide.
- Lock hard-copy records containing sensitive data in a secure location and control access. Digital records should be encrypted and stored off-site. Consider encrypting electronic communication within your company if PII or other sensitive information is transmitted.
- Set up a two-factor authentication for all online business accounts to help minimize the likelihood of them being hacked. To help further reduce the chance of hacking, prohibit employees from using public wireless networks for company-related business, and remind them of basic cyber security measures.
- Invest in an off-site data backup solution. In the event information is lost as the result of a security breach — or for another reason, such as a fire or burglary — it can be recovered.
- Keep antivirus software up-to-date, as well as any other security applications. You should have the latest security patches and bug fixes installed.
- Create protocol for employees to follow when accessing and storing company data via their mobile devices. If your employees use portable devices like SD cards, USB flash drives, or hard drives, make sure they understand the security risks associated with doing so and how to mitigate these risks.
- Conduct a security audit once per month, or any time you notice suspicious activity. Look for everything from viruses and malware to unusual financial transactions.
- Develop a data breach incident response plan and practice it with your employees quarterly. For additional protection, you may want to consider cyber insurance.
Every business, whether it’s large or small, can fall victim to a data security breach. Fortunately, most data attacks are preventable. While there is no one-size-fits-all security solution and no guarantees, taking a proactive approach to managing and protecting sensitive data can go a long way toward keeping it secure.