The internet and other digital technologies have revolutionized the way we do business. This much we know. But they have also opened the door to a whole new set of threats and dangers that each business owner needs to be prepared for. Although we are all aware of the NHS attacks in the UK or the Target attacks from a few years ago, hackers are no longer just going after big targets.
Small businesses represent easy targets and can offer fantastic rewards if attempts are successful. Hackers are catching on to this, with the share of attacks on small businesses growing each year. Currently, 43 percent of all cyber attacks are performed on small businesses.
Also, some small businesses, such as retailers, are more attractive to hackers largely because they have access to credit card and bank information as well as other personal data that can fetch a fair price on the black market. But why is this happening? Logic would dictate that larger companies would still be the best target since they have more information that is often more valuable.
Well, when you look a little closer, the fact these cybercriminals are shifting their focus actually makes a lot of sense. Here’s why your business could become a target for hackers and some things you can do to help protect yourself and your business.
Why Go After Small Businesses?
The consequences for hacking into a company’s data and stealing it are the same no matter the size of the company, so small businesses aren’t being attacked more frequently because it’s less of a crime. Hackers are mainly targeting them for the following reasons:
- Small Businesses Have Fewer Defenses. Cybersecurity measures are often perceived as an extra expense by many small business owners, and this leads people to invest less in protecting themselves. A survey by Manta found that 87 percent of small business owners do not consider themselves at risk of an attack, and this translates to few efforts to protect data. Large companies, on the other hand, recognize the risk and spend millions to protect their data. While the prize might be smaller at a smaller company (although this isn’t always the case), it is far easier to get.
- Small Businesses Are Less Prepared. If you have any experience working for a large company, you know that protocols and procedures are everywhere. It is the same for cybersecurity. Small companies, however, rarely have cybersecurity protocols. In fact, a study by the National Cyber Security Association revealed that 87 percent of small businesses do not have a formal plan and 69 percent do not even have an informal plan. Without a concrete policy, employees are likely to underestimate the risks in dealing with data, which could leave them vulnerable to phishing attacks. Considering user error is the leading cause of data breaches, this failure to educate employees could end up being rather costly.
- It’s Easier to Get a Ransom From Small Companies. Oftentimes, hackers, instead of simply selling your data, will actually threaten you with its release in hopes of getting you to pay them a ransom. Large companies have tremendous resources at their disposal and can often get the data back before it is sold off and can report the threat to the authorities. Small businesses, on the other hand, often do not have these types of resources and are faced with either a devastating data breach or payment of the ransom. While it isn’t smart to negotiate with criminals, small businesses often pay hackers, and hackers know this, once again making small businesses an attractive target for cybercriminals.
- Small Businesses Still Have Valuable Data. Just because you are small does not mean you are worthless. Even if you deal with just a few hundred thousand people, their credit card or bank information is still valuable, and if you have access to more personal data, such as social security numbers or health records, this data could be even more desirable. Do not fall into the trap that being small makes you insignificant. If you have something people want, they will come after you.
The Damage They Can Do
It should now be clear why hackers go after small businesses, but what can they really do? We know they can steal your data, but what is the real effect of this on your company? There are two main consequences that will affect 1) your bottom line and 2) your reputation.
A Data Breach Can Sink Your Business
The average cost of a data breach is around $690,000 for small companies, and for middle-sized companies, it is over $1 million. Do you have the kind of cash needed to recover from a data breach? Probably not, and that’s why nearly 60 percent of small businesses fail within six months of a data breach. The damage is immense, and few companies can really come back from it.
A Data Breach Can Ruin Your Name
When you are first getting a company off the ground, your name is everything. It’s what makes it so hard to compete against big business: everyone knows them and what they stand for. A data breach is a PR nightmare and will require a fierce communications strategy to mitigate. Some of the bigger companies have these resources and can come out of a data breach unscathed, but some consider a data breach to be on par with an environmental scandal or poor customer service in terms of reputational damage. It’s very likely your name will be hurt by a data breach, and this is one of the main reasons you should take every step to prevent one from happening.
What You Can Do
Luckily, though, just because the threats are numerous does not mean you are helpless against cybercriminals. In fact, it’s quite the contrary. There is a lot you can be doing to be sure you do not fall victim to a hack, keeping your business safe and secure while it grows. Here are some things you should be doing now to improve your cybersecurity:
- Create a Company Protocol. As mentioned earlier, very few businesses have this. To prevent frustrating human error, take some time to educate your employees on the dangers of cybercrime and on what they can do to prevent it. Establish roles and create procedures for how to store and share data. It is also important to develop a plan for password creation and changes, as this is one of the most fundamental forms of cybersecurity.
- Get HTTPS/TLS. If you gather customer information over the internet, make sure your site is protected with “https” and TLS. These security protocols make it much more difficult for hackers to gain control of your systems, and they are also viewed more favorably by Google, which can help your SEO rankings.
- Use Antivirus/Malware Protection. This is fundamental, but make sure you are fully protected. It is tempting to opt for free services, but these often leave out important features. It might seem like a big expense for your company, but it is a much smaller one than that which you would incur should you experience a data breach.
- Use Virtual Private Networks (VPNs). If you have employees who work remotely or if you deal with contractors, make sure these individuals are using VPNs to encrypt their connections and hide their IP addresses. This is especially necessary if these employees connect to public WiFi at cafes or libraries since these connections are notoriously insecure.
- Separate Devices. Along these same lines, if you have people who often work from home, make sure they have work-specific devices that are fully equipped with the proper protection. It might seem cheaper to just let people use their own devices, but this is creating a major security risk you could end up paying dearly for down the line.
- Get Cyber Insurance. While this is no substitute for security measures, knowing you will be covered in the event of an attack could help bring some much-needed peace of mind. Plans and pricing depend on the risk your company faces and how much coverage you are looking for, but if you think you may be a target, consider getting yourself insured.
Overall, the question should perhaps not be “Why do hackers target smaller businesses?” but rather “Why haven’t they been targeting them all along?” They are easy targets largely because business owners do not take the necessary steps to protect themselves. As such, hackers are shifting their focus. It is up to each company to adjust to this and to pay attention to this threat before it is too late. After all, the life of your business could depend on it.
What cybersecurity measures do you take with your small business? Have you ever been the victim of an attack? Do you plan to take any more steps to help protect your company? Let us know by leaving a comment below.
Zensurance is Canada’s leading online commercial insurance broker. We offer a full range of insurance products to small businesses, with a particular focus on digitizing businesses and technology startups. We understand what it is to work with new technology, and know the most common risks of which you should be aware. Based on that (and a lot of analytics), we recommend the ideal insurance coverage for your business.
About the Author:
Caroline is a cybersecurity expert who has many years of experience consulting with small businesses about the threats they face and what they can do about it. As an employee of a small company that suffered a data breach some years ago, she knows how serious things can get and works to spread awareness so that this does not happen to others.