While data breaches at major corporations are often the focus of news headlines, the reality is that small business are likely in more danger than large organizations when it comes to cybersecurity. Why?
Here are six points to consider:
1. Approximately half of all cyber attacks target small business.
Please see my article from last year entitled Small Businesses Beware: Half of all Cyber-Attacks Target You for more details as to how and why this is true. As Bill Conner, President and CEO of cybersecurity vendor, SonicWall, pointed outed to me, such statistics are especially scary because “while small to medium-size businesses are increasingly becoming targets, they often lack in-house expertise to keep their infrastructure secure. Many are extremely shorthanded when it comes to having the resources on hand to address these new advanced threats.”
2. The damage to small businesses after a breach can be severe.
As documented in multiple reports, many small businesses collapse, and literally fail altogether, as the result of the fallout of a cyber-breach.
3. Many small businesses do not provide cybersecurity training to employees.
According a poll conducted by the security firm, ESET, as of last year about a third of small and medium-size businesses do not provide employees with cybersecurity training. Obviously, it is difficult, if not impossible, for an organization to adequately secure itself when its people do not know what doing so entails.
4. The cost of implementing an appropriate information-security program need not be as high as many people assume.
A business that ensures that each and every one of its employees understands that he or she is target is already “way ahead of the pack.” People who believe that criminals want to breach their computers and phones act differently than people who do not yet grasp this reality, and, it should be of little surprise that the human behavior of employees strongly impacts the security of information belonging to the organizations for which they work. For some great tips on how to start securing a small business, please see the article 13 tips to improve cybersecurity at small businesses without spending a fortune.
5. Data may be permanently lost if a company gets infected with ransomware
A large number of the small and medium sized businesses that paid ransoms when hit with ransomware have not received their data back from criminals; some experts estimate that such losses may even have occurred to the majority of ransom-paying small businesses. Without proper protection, data can be lost forever. Owners and employees of small businesses should ask themselves “How well would our business function if it lost all of its data?”
6. Small business insecurity can impact big businesses and make the news.
Hackers, for example, are believed to have penetrated Target by first breaching a small HVAC contractor doing work for the giant retailer.
If you own, work for, or run a small business, and are not already doing so, I urge you to make information security a priority going forward.
An earlier version of this article appeared in Inc.