February 18, 2016

Information Security Threats: Why Small Business is Such a Big Target

Some small companies may think that they’re not on the radar of information thieves.

But last spring, Steve Chabot, the small business committee chairman, informed a Washington hearing that 71% of cyber attacks occur at businesses with fewer than 100 employees.

“The majority of cyber attacks happen at small businesses,” he said.

What makes small businesses such a big target for information security threats?

• Lax security: While most small business owners know they must comply with privacy laws and legislation, the 2015 Shred-it Information Security Tracker survey showed that 37% have no protocols in place for secure destruction of confidential information, and 35% have no cyber security policy.
  
  Solutions: Implement a formal information security plan. Train employees, and make security a part of company culture.
• Limited budget: Chabot also pointed out that small businesses often have limited security budgets.
  
  Solutions: Investing in data security is essential, but it’s not all about huge spending. For example, there are simple ways to rally employees to help protect data. Provide locked consoles for documents that are no longer needed, and remind employees to use them with online and workplace reminders.
• Easy targets: Small businesses have more digital assets than individuals... but less security than larger enterprises. At the same time, cyber criminals are more likely to use stolen credit cards with small and medium-sized online merchants. Card-not-present scams are on the increase.
  
  Solutions: Keep all security software and safeguards up-to-date.
• Source of information: In an online article, Towergate Insurance reported that 82% of small business owners think they don’t have anything worth stealing. But a small business keeps employee and customer data, bank account information, and other financial and intellectual information, which is all valuable to criminals.
  
  Solutions: Protect confidential information with encryption and two-step verification but also by verifying financial requests by phone with banks, vendors, clients, and employees.
• Gateway: Small businesses can be a stepping stone to other larger companies, and large breaches often start this way.
  
  Solution: Stay up-to-date on the evolving risks of workplace vulnerabilities.
• Response plan issues: Towergate reported that 31% of small businesses lack a plan of action for responding to a security breach. Without one, companies may not detect an attack or not follow the proper protocol to contain it. Also, the average data breach can cost a company millions of dollars, and “not having a plan raises those costs 10 to 15%,” said industry leader Larry Ponemon.
  
  Solutions: Create a comprehensive incident response plan – and practice it.
• Trust factors: Small businesses tend to be tight-knit and therefore, trusting of employees and business partners. But insider fraud is on the rise (the Association of Certified Fraud Examiners reported that it cost $3.7 trillion across the globe in 2014).
  
  Solutions: “Be a little less trusting”, advises industry experts. Conduct proper background checks on employees and vendors. Monitor employee behavior, and pay attention to unusual changes in work habits, etc.

Today, it’s important to integrate paper recycling into normal business operations. A green shredding partner can help a small business do that – and maintain information security protocols too.