When large data breaches take place, involving tens of thousands of records in a chain like Target, it makes the news. But when a local boutique for women is successfully attacked few hear about, but the pain is there, and the impact so severe a local store may close forever.
The odds of a cyber-attack are as good, if not better, to happen to a small or medium sized business as at a large retail chain.
The Ponemon Institute conducted a study in mid-2016 survey of 600 IT leaders working at small and medium sized businesses. Following are some key survey findings:
- For the 12 months before the inquiry, 50% of SMBs have been breached
- Of those attacks, the most common were phishing/social engineering and web-based
- 59% of SMBs are not aware of employee password practices
- 65% of respondents that have a password policy don’t enforce it
One reason small businesses, especially startups, are targeted by hackers is their lackluster security. In the beginning phase of the firm, targets for data theft are “business identity theft.”
Business Identity Theft
Black hat operators know that new businesses have new credit lines and credit cards and new websites with minimal if any security.
Several sites tell consumers their credit score and make their credit report available to them. This helps customers make sure their credit is secure, and their identity is safe.
Small business needs to put in place certain similar safeguards that include:
- Robust control and reviews of company credit cards
- Daily check of bank balances
- Reconciliation of vendor charges and items delivered
- Physical audits
The Risks Associate With a Data Breach
Data breaches are serious, and if customer personal identifying information, personal financial information, or HIPAA protected data are breached, businesses could be fined. Fines can be as much as $100 per record per breach. A violation of just 1,000 records can earn an SMB a fine of $100,000. Authorities responsible for data integrity enforcement include the Federal Trade Commission, The Consumer Protection Financial Board, and the Office of Civil Rights (OCR) in the Centers for Medicare and Medicaid (CMM). Types of businesses that can be fined include retailers, financial institutions such as mortgage brokers and physician offices. During the summer of 2016 several hospitals were fined tens of millions of dollars as they had been breached before and failed to correct the problem.
In addition to regulatory fines, businesses that are breached suffer from a diminished reputation that can cause loss of business or the attracting of future business as well as demoralized staff. Lost data also disrupts operations and until data is restored business may lag.
One important protection often overlooked by SMB is cyber security insurance. Many SMBs believe that this insurance only makes sense for large enterprises – many SMBs are wrong, and this kind of coverage is being offered specifically for the SMB market.
Business identity theft and other things such as insurance work after a breach and are not enough to proactively protect company and customer/client data. There are hardware and software solutions that an IT department can install, monitor and update.
Managed IT Security Service
But, many SMBs cannot afford to staff a full-time IT department to handle cyber security. A good solution is to hire an IT managed service provider. With a managed service provider based in the cloud, you can get IT security on a subscription basis with Software as a Service (SaaS).