Small businesses are easy targets for cybercriminals, yet many don’t have security in place to protect their data. The cost is often the company itself.
Small businesses are just as vulnerable to data loss as large enterprises. In fact, small businesses may be at greater risk because they make easy targets. This is because their security is not as sophisticated as that in large businesses, as many small businesses, either due to cost constraints or lack of awareness, try to get away with the bare minimum of protection.
In an article for Forbes Hollie Slade cites statistics from the National Cyber Security Alliance, which says that 20% of small businesses become cybercrime victims per year, and that 60% of those attacked close within six months of the incident.
Infosecurity Magazine cites a survey by McAfee and Office Depot, which found that there is discrepancy between how safe small businesses think they are and how safe they actually are. For instance, of the over 1000 small- and medium-sized businesses (SMBs) that participated in the survey, 66% believe that their security measures are adequate, and 77% say that they’ve never been hacked. Other findings, however, show that 72% of data breaches are aimed at SMBs with fewer than 100 staff members. According to the magazine, the reason for discrepancy is that SMBs simply don’t know that they have attacked.
The consequences are severe
One of the reasons that small businesses are so likely to close after a data breach is that they don’t have the resources to recover. Not only are there data recovery costs to consider, but there is also lost productivity due to down time, and the time that is lost trying to recreate data that may have been permanently lost or destroyed. Then there is the possibility of financial compensation to any clients who were adversely affected by the breach. This last consideration is possibly one reason why many SMBs neglect to inform clients/customers of data breaches.
Last, but by no means least is the cost to the company’s reputation. According to a report by Trend Micro, most customers say that they will cease their business dealings with a company if its security is breached.
The biggest risks
Let’s look at three of the biggest risk factors that make SMBs vulnerable to security breaches and data loss.
According to Trend Micro, employees can pose the biggest risk to a company’s cybersecurity. One of the reasons is negligence, pure and simple. For example, 77% of employees leave their computers unattended, often with sensitive documents open, or while logged in to applications that contain confidential information. They’re also not above visiting sites with dodgy security certificates and, despite the fact that, by now, they really ought to know better, they still click links in spam emails.
Another rising employee-related security concern is the use of personal devices for business purposes. Regardless of whether or not a company has a BYOD (Bring Your Own Device) policy, many employees use their personal laptops, computers, tablet devices and smartphones to access business emails and documents. According to Trend Micro, 56% of employees store sensitive data on their personal devices, which is a major security risk.
2) Security providers
Not all security providers are equal. There are some excellent (and affordable) security providers out there, but there are also some who don’t think twice about cutting corners and bending rules. This is why you need to look at several options before making a final decision. According to Hollie Slade, you need to consider things like their credentials and whether or not they comply with various industry associations and regulations.
You also need to consider how and where they store data. Different countries have different regulations regarding data storage and security, so providers may exploit loopholes by storing data in countries that are more lax than others.
3) No backups
Can you believe that 62% of SMBs don’t regularly back up their data? Despite the wealth of information available on the importance of data backups, the majority of small businesses still don’t do it. According to Trend Micro, lack of budget is the biggest reason why backups are so few and far between, but considering the financial risks, this seems rather short-sighted. It’s also been estimated that about 33% of businesses don’t have data backup and disaster recovery plans.
When you consider the findings regarding data security, data breaches and the vulnerability of small businesses, it’s scary to think that many SMBs still believe that it can’t happen to them. Whether it’s through overconfidence, complacence or ignorance, small businesses take their lives into their hands when they ignore the risk of cyber threats. Even limited financial resources shouldn’t be an obstacle to proper cyber security because without it there is the very real risk that the business will fold.
About the Author:
Jemima Winslow recently joined the ranks of the self-employed, which means she now has to take extra-special care of her computer systems to ensure that all of her new business data is safe.