If there’s one thing that most small businesses have in common, it’s a limited budget to invest in infrastructure. Yet failing to devote any resources to securing your technology can put the company itself at risk. Understanding the specific ways that small businesses are vulnerable to cybercrime — and how these dangers can be combatted even on smaller budgets — can make the difference in whether or not the company can survive attempted cybercrime.
Small businesses generally keep digital information on customer transactions and for employee records. Both of these databases are vulnerable to small business hacking. Cybercriminals are typically interested in access to bank accounts and credit card information, to drain those accounts. But they may also use social security numbers, physical addresses, and even medical insurance and employee benefit plan information to attempt more elaborate identify theft fraud.
Exactly how hard a small business will be hit by a data breach depends not just on the extent of the episode, but on state laws which dictate how a company must respond to the incident. A study conducted by the Ponemon Institute estimated that, for every breached record, the small business employer was forced to pay up to $200 in the recovery process. This per-record cost takes into account the investigation, notifying the affected parties, paying for any litigation or liability, and the cost involved in stemming the breach.
Small business cybercrime can also damage the store or office’s reputation with its business partners. Hackers are often looking for ways to gain access to more heavily-protected information from larger corporations. Potentially, a small business that contracts with larger companies can offer a “backdoor” to those entities. Should that illegal access happen, the larger company is likely to recover from the breach — but also be reluctant to do more business with the small business that failed to protect the information.
Small businesses are both more vulnerable to cybercrime incidents, and more likely to be disproportionately impacted by a single incident. In fact, an alarming 66 percent of small business will go out of business less than a year after a “significant” breach, analysts have discovered.
Why? That high per-breached-record cost is one key reason. Perhaps even more importantly, customers have less confidence in a small business’ ability to protect them from future incidents than they would be following notification of an incident from a major national chain.
And customers have good reason for this waning confidence. They understand that major companies have the resources to both protect themselves from phishing expeditions, and to recover from the breaches that do happen. Small businesses simply don’t have the financial or employee resources to devote to installing elaborate security systems that flag potential small business hacking attempts.
Surprisingly, only about one-third of small business data breaches came about through deliberate cybercrime, according to a recent study. The other two-thirds were almost equally divided between human error and technology glitches. Of course, these initially non-deliberate breaches are still causes for concern. Although hackers may not be the ones to “knock the door down” in the case of accidental breaches, they’re certainly on the lookout for these vulnerabilities to take advantage of the valuable data.
Because two-thirds of data breaches come from human error and system glitches, small businesses have an opportunity to tighten these up, even on a limited budget. In fact, there are several budget-friendly ways small businesses can begin tightening up their data: