Most small businesses consider data breaches something that only impacts large multinational companies like Yahoo or Home Depot, but that’s no longer the case. Cyber criminals are increasingly targeting small and mid-size businesses, finding it’s easier, faster, and more profitable than going after larger companies.
There are over 35,000 computer security incidents in the U.S. every day, according to IT security company Kataku Technology. As larger companies see firsthand the consequences of data breaches, they’ve worked hard to increase security standards and practices. Cybercriminals are aware of the advanced security measures and have started looking for lower-hanging fruit: small businesses. In fact, PwC’s Global State of Information Security Survey 2016 found that over 80% of small businesses surveyed experienced a security incident in 2015. Although smaller companies don’t provide the same individual payload as larger firms, cyber criminals have found ways to compensate. Using viruses and ransomware, cyber criminals are able to automate attacks on thousands of businesses at a time, increasing their chances for multiple successful breaches – for far less investment and work.
Unfortunately, as small business attacks have increased, small business spending on IT security has dropped. Due to a lack of time, budget, or expertise, small businesses leave themselves vulnerable – even though the consequences can be severe. PwC’s 2016 report found that nearly 60% of the small businesses that experienced security incidents estimated financial losses of over $50,000. Between lost business, notifying customers, legal fees, regulatory fines, forensic investigation, and updating IT security, the costs of a data breach add up. Since most small businesses have tight margins, spending thousands of dollars to clean up after a data breach hurts the bottom line, and for many, isn’t even an option. At a 2013 government hearing about small business and cyber-attacks, Rep. Chris Collins stated that 60% of small businesses close within 6 months of a data breach.
The solution, which you’ve heard before and you’ll hear again, is to invest in security before you need it. An ounce of prevention is worth a pound of cure. Small businesses need to make protecting data a priority by enacting strong security standards, partnering with experienced security providers, and making sure everyone in the business is trained and follows security protocol. The most fool-proof way to ensure data is protected is to hire a professional. They’ll not only protect your data from being lost or stolen, they’ll also perform regular tests to reveal any potential weaknesses, and help you meet any legal or regulatory requirements that apply to your industry, for example HIPAA-HITECH or PCI-DSS.
When it comes to protecting your business and its customers, it’s not worth taking a risk. Ensuring your organization knows its risks, has clear, up-to-date security standards, and trains every employee to follow security protocol will help ensure that neither you, nor your customers, ever have to suffer a data breach.
InfoSafe, one of our vendors, provides affordable, comprehensive data breach prevention and regulatory compliance services to businesses of all sizes. NBP customers receive up to 45% off IT security resources from InfoSafe.