2015 was a year of astonishing website hacks. From major companies like Experian to social media networks like Twitter, and even the IRS, everyone seems to be having data hacks. Small businesses might try to fly below the radar, but that's a problem. Here's why cybersecurity matters to small businesses.
As a small business owner, you may find comfort in obscurity. You might believe that your company is too small to be the victim of a data breach, or that you have nothing the hackers want.
But small businesses are common targets for cyber attacks. Over the past four years, more than 75% of reported security incidents involved companies with less than 100 employees, and the percentage continues to trend upward. So why are cyber criminals targeting small and medium businesses for data breach and identity theft?
Probably because it is easier. Just like their large-business counterparts, a small business may electronically store confidential customer information like:
-
Credit card information
-
Social security numbers
-
Birthdates
-
Driver's license information; and
-
Other confidential information.
But unlike large companies, small businesses don't have time, financial resources, or technical expertise on staff to protect their data. That can leave electronic records vulnerable to a cyber attack, and increases the likelihood of the intrusion going undetected. According to Verizon's 2016 Data Breach Investigations Report, in 93% of data breaches, attackers take minutes or less to compromise systems. But four out of five victims don't realize they've been attacked for weeks or longer. In 7% of cases it was over a year before the attack was detected.
The good news is that preventing a data breach may not be as difficult as it sounds. There are 9 basic patterns to cybersecurity threats:
-
Human error (like sending an email to the wrong person or responding to a phishing attempt)
-
Malware
-
Insider/privilege misuse
-
Physical theft or loss;
-
Web app attacks;
-
Denial-of-service attacks;
-
Cyber-espionage;
-
Point-of-sale intrusions; and
-
Card skimmers.
Of those, 90% of all cybersecurity problems are caused by human error or misuse. That makes defending against the vast majority of attacks a matter of policy. Make your people the first line of defense. Taking the time to train your staff on cybersecurity will help close gaps in your protection and protect your clients' information.
Here are a few tactics you can use to minimize your staff's exposure:
-
Only keep data you need to know;
-
Apply security updates to websites and databases promptly;
-
Encrypt sensitive information;
-
Use two-factor authentication; and
-
Use strong physical security.
Cyber attacks can damage your reputation, destroy customer trust, and affect your company's revenues. So protecting yourself against hacks and data breaches needs to be a business priority.
Provisio can help you identify gaps in your cybersecurity and build solutions to protect your customer data. In addition to building secure web solutions, we offer plans to maintain the security of your site. If you don't want to become part of the statistics, contact Provisio today to schedule a meeting.