Data is more important than ever. For some companies, the private data they collect represents the majority of their assets. For others, it’s customer data that matters, including information about client purchases and payments. And all businesses produce operational data that competitors would love to get hold of.
Because of this, we’ve looked into the major data protection threats posed to American small businesses. Read on to find out why you need to take protective action, and how to do so. And don’t turn away. This information could save your career.
Data protection: Why should small businesses bother?
Above all, small businesses have to be aware of the risks posed by cyber attackers. You can clearly see this by checking the USA’s small business cyber attack statistics. Some studies report that over 50% of US businesses were targeted by cyber attackers in the past year. And when attackers succeed, the cost of dealing with their activities averages around $1 million per attack.
Not many small businesses are equipped to deal with cyber attacks after the event. In fact, most small businesses fail to respond when they are targeted. Even more worrying, some small business cyber attack statistics suggest that 60% of companies targeted by cyber attackers fail within 6 months.
Even if that’s a slight overestimate, it’s clear that doing nothing is not an option. To remain viable in a world where cyber attacks on small businesses are proliferating, companies need to take action.
Examples from the real world about the damage cyber attackers can do
If you aren’t concerned yet, think about the fate of small and medium-sized companies that failed to meet the challenge posed by cyber attacks. Here are just a couple of small business cyber attack examples to chew on.
Back in 2012, Efficient Escrow was a thriving Californian payments company with a bright future. But successive cyber attacks, in which fraudulent wire payments were sent to Russian and Chinese accounts, drained over $1.5 million from the company and its clients. Facing action from state regulators, Efficient Escrow lasted until mid-2013 and then was no more.
In another case from 2009, Floridian construction company PATCO was defrauded of over $450,000 by a Trojan horse attack. PATCO eventually got most of the money back, but only after a three-year legal ordeal where they had to take their bank to court. It took stamina and a bit of legal luck to get there – and not every small business can count on benefiting from either.
Avoid rookie mistakes when creating a security strategy
So, what is to be done about small business cyber threats?
First off, it’s important to know some of the most common mistakes made by CEOs when they are trying to prevent cyber attacks on small businesses. Armed with this knowledge, we can then think about the right way to go about neutralizing attackers.
1. Taking action too late
As we’ve seen, a shocking proportion of small businesses simply bury their heads in the sand, hoping that “it won’t happen to them”. But a cardinal rule of cyber-security is that you need to plan for the worst. Assume that you’ll be targeted and that the costs could be devastating.
2. Failing to invest in staff expertise
Staff are one of the key security weak points for small businesses. For example, team members might choose to work from unsecured public Wi-Fi hotspots, where attackers can harvest sensitive corporate data. Or their password practices could be extremely weak. That’s why all responsible small businesses allocate sufficient funds to security training for every staff member, without exception.
3. Executive laziness
Sometimes, it’s tempting to simply employ an IT contractor to secure your networks, install the right software, and bring staff up to speed. But that’s a huge risk. Instead of relying on contractors, it’s better to have rock-solid security protocols and plans in place, and for company managers to be as well informed as possible about how security systems operate.
4. Out-of-date software and hardware
When you look at the annual budget, updating VPNs, virus checkers, operating systems, and hardware isn’t always the top priority, especially if things seem to be going well. But threats can emerge out of nowhere, and out-of-date systems are prime targets. What’s secure right now can become dangerously vulnerable overnight. So be proactive. And be ready to invest in updates.
5. Struggling on regardless
In some small business cyber attack examples, the initial attack isn’t as damaging as the response. When companies are targeted, there’s a tendency to look internally for solutions, instead of admitting failure or bringing in external expertise. Don’t be that company. Openness, flexibility, and agility are essential, and you don’t have all the answers. So don’t start thinking you do.
Ways to secure your data and protect your business from cyber attacks
So far, we’ve been a bit negative, but actually, there’s plenty that small businesses can do to secure their data, so let’s run through some solutions.
1. Create solid disaster recovery policies
As we noted earlier, the way companies respond to threats is as important as the protection they use. And this is where disaster recovery is crucial. All businesses should draw up a disaster recovery plan, but hardly any do.
In fact, small business disaster recovery statistics show that just 75% of companies create continuity plans. When attacks occur, 93% of those companies will be bust within a year, so these plans really matter.
Make sure you have secure backup systems in place, with encrypted cloud or third-party storage. Make plans to bring in external experts to quarantine your systems, and have communication strategies in place to handle customer relations. And don’t panic. With a plan in your possession, you’ll know what to do.
2. Invest in VPNs and antivirus software
Before the worst happens, invest in the best protective measures. For small businesses, this means implementing reputable antivirus solutions across your local network, and ensuring that remote workers benefit from the same tools.
Use secure email services which include anti-phishing and malware scanners, as well as email encryption for sensitive documents.
Most importantly, protect the interface between your devices and the wider internet with a company-wide Virtual Private Network solution. These tools encrypt data and anonymize your staff, making them much less vulnerable to attackers. If anyone works remotely, using a VPN is absolutely essential, and there are plenty of providers that cater to small businesses.
3. Involve your whole team
Finally, try to create a security culture among your workforce. This applies to everyone, from the lowliest trainee to the CEO. Bring in external security trainers to advise about password security, social media use, communications protocols, and remote working. And try to train staff to maintain high standards at all times.
This flows from the top, by the way. Plenty of CEOs have fallen victim to “whaling” (the elite version of phishing), so don’t slack off. Everyone needs to be security aware.
By following our advice, you can avoid becoming another failure in the small business disaster recovery statistics. Nothing is automatic. Data protection takes hard work and planning. But it’s easy enough when you take it seriously. And with dire consequences for failure, is slacking off even an option?