With so much focus on large corporations being hit by data breaches, it’s easy to forget that small and midsize businesses are targets too.
In fact, information thieves are targeting smaller businesses more than ever.
The Global State of Information Security 2015 survey by PwC showed that medium-size companies reported 64% more incidents than last year, while larger companies detected 44% more incidents.
The average cost of a data breach to a small or medium-sized business can range from $10,000 up to $375,000 in lost business opportunities, new equipment, IT support and fines, according to Kaspersky research. Reputation is damaged too.
Here are 11 reasons why small businesses are being targeted.
- As large firms improve their data security, cyber criminals are switching their focus to medium-size firms, according to the PwC survey.
- “Cybercriminals know there’s nothing small about SMBs,” said a FireEye Inc. white paper – SMBs account for 54% of all U.S. sales and half of private-sector payrolls. Kaspersky tallied more than 75 million businesses worldwide with fewer than 10 employees.
- Smaller businesses think their data is not valuable – but information thieves want any private information. It’s important to identify valuable assets and put personal information security in place.
- There’s a general assumption that smaller firms are safe from cybercriminals. But Verizon’s 2013 Data Breach Investigations Report shows that more than 30% of data breaches occurred at companies with 100 or fewer employees. Every business needs a comprehensive information security policy that covers both paper and e-media.
- Small and midsize businesses are not taking measures to protect against security risks, according to a small business security survey by CSID – which means they’re an easy target. It’s important to protect Social Security numbers and other personal information.
- Very small businesses underestimate the scale of IT threats, according to Kaspersky research. While 74% of VSBs believe that 10,000 or fewer malware samples are discovered daily, the real figure is higher at 315,000 per day. “Work with the IT department so that your internal systems do not permit outsiders to gain unauthorized access, and lock them down if they do.”
- Lack of budget. While the CSID study showed that 22% of businesses plan to increase their budget for security-related measures, all businesses are encouraged to spend more in this area. Implement information security best practices such as document management covering both paper and electronic data.
- In the CSID study, 32% of small businesses consider social media use by employees to be a security risk. Security skills training will teach employees how to protect sensitive information in and out of the workplace.
- Attacking small businesses is a growing trend. According to Symantec, in 2014, approximately 50% of small businesses were the victims of cyber attacks, and that number is expected to grow in the future. Develop a data breach response plan.
- Cybercriminals often use compromised SMB networks to launch attacks against larger targets, according to FireEye Inc.
The Small Business Guide to Information Security can help a company to implement all the right safeguards.