PROTECTION MATTERS

7 Reasons for Small Businesses to Take Action on Cybersecurity


Think your business is too small to be the victim of a cyber attack? Think again. Don't assume that your company's size lets you go unnoticed by cybercriminals. In fact, small to medium-sized businesses are sometimes easiest to breach, making them the most common attack targets.

As a small business owner, you face the challenges of keeping important data out of reach of those with bad intentions. Installing a strong security solution is a great first step to protecting your business and data, but don't just set it and forget it. Take a proactive approach to your company's security today.

 


 

Here are seven reasons why you should prioritize data security for your small business immediately.

1. Full Data Compliance with New Privacy Regulations Is More Complex Than It Seems

Can you name the rules and restrictions of California’s New Data Privacy Law (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) or the Payment Card Industry Data Security Standard (PCI DSS) off the top of your head? If not, you’re not alone.

 

But CCPA can have a huge impact on all businesses serving California residents. From July 2020, the California Attorney General can pursue CCPA civil penalties from any person that violates any section of the CCPA, and the maximum penalty is $7,500 per intentional violation or $2,500 per unintentional violation of this data security law, according to Terms Feed. Underestimating HIPAA regulations can get costly too. Lifespan Health System Affiliated Covered Entity, a not-for-profit Rhode Island health system, has to pay $1,040,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and implement a corrective action plan to settle potential violations of HIPAA Privacy and Security Rules related to the theft of an unencrypted laptop.

 

The same goes for business done in the EU, which falls under the GDPR legislation. A first overview from the European Data Protection Board found that by nine months after GDPR came into force, more than 55 million euros were issued in fines to companies that failed to comply. This number is guaranteed to grow in the upcoming years as enforcement becomes stricter, despite the fact that some fines will be postponed due to the coronavirus situation and related business difficulties.

 

Without deep enough pockets to cushion the blow of hefty fines, it is absolutely crucial to prepare a detailed compliance plan that adheres to even the smallest specifications. But you can’t stop there. Providing thorough training to staff will show them the important role they play in securing company and client data. There is never a 100% guarantee of preventing a security breach, but if one occurs, the resulting sanctions are significantly lower if you can prove that data was properly encrypted.

 

2. More and More Employees Are Working Remotely Now

Working from home offices improves employee morale but adds another layer of risk to data security. Computer systems and network traffic are more vulnerable to theft when accessed off-site or from unsecured Wi-Fi locations. In fact, almost three-quarters of IT leaders believe that remote workers pose a higher risk to company security than on-site employees, according to an OpenVPN survey. Endpoint encryption, two-factor authentication and virtual private networks (VPNs) are all crucial tools to minimize the risks and threats faced by remote workers.

 

3. Small Businesses Are the “Perfect Target”

With cybercriminals, size matters. Small businesses are much more vulnerable to attacks due to limited security budgets. They also lack the safety net of emergency funds often enjoyed by bigger companies. In the case of a security breach, small businesses can have much more difficulty bouncing back compared to a larger company. 

 

The 2019 Data Breach Investigations Report from Verizon found that 43% of security breach victims were small businesses. Of these businesses, most suffered some degree of financial loss or even total shutdown because many security breaches are simply too expensive to resolve.

 

4. The Market for Cryptocurrencies Is Growing

Although cryptocurrency had its heyday in the last ten years, it is far from a dwindling trend. Just like gold and diamond miners, cryptocurrency miners rely on hefty sources of power to fuel their search. The problem lies with law-breaking cryptominers who try to hijack the processing power of unsecured business hardware in order to mine for cryptocurrency.

 

But there is more to it than that. According to the Cambridge Centre for Alternative Finance, stolen crypto-assets – including cryptocurrencies – typically end up on illegal markets and are used to fund further criminal activity.

 

5. Ransomware Attacks Hold Your Information Hostage

How much would you pay to get back something that was rightfully yours? Worse yet, what if there was no guarantee of its safe return? Cybercriminals have discovered that they can lock down business devices and encrypt their content in order to demand money. In return, they may (or may not) share the decryption keys to get your data back. 

 

Small businesses are great targets for this kind of crime, as they are more valuable than isolated consumers. One study from Beazley Breach Response Services found that 71% of these ransomware attacks targeted small businesses, with an average ransom price tag of US $116,324. Looking at your company’s finances, could you afford that loss if it happened tomorrow?

 

6. Hackers Are Adapting Quickly to Rapid Changes in Technology

Technology is the industry that never sleeps. Businesses must always be on top of technological developments to stay one step ahead. Artificial intelligence (AI) can easily be misused by hackers to trick employees into granting access to confidential information. 

 


 

In addition, the evolution of deepfakes leads to even more compelling imposter scams, in which someone impersonates the government, a relative in distress or a technical support expert to pressure the victim into paying money, as described by Jon Bateman in his article Deepfakes and Synthetic Media in the Financial System: Assessing Threat Scenarios. These scammers typically make contact by phone, using spoofed phone numbers or voice-over-IP (digital calling) services like Skype to manipulate victims by threatening imminent harm unless money is paid. In 2019, U.S. residents reported $667 million in losses from imposter scams. The use of deepfakes and other AI-based techniques will likely evolve into bigger and scarier methods of cybercrime and claim more and more victims over time.

 


 

7. Your Reputation Is at Stake, and So Is Your Livelihood 

Everyone knows that missteps in data security happen, but it’s how a company deals with the mistakes that matters most to its customers. The numbers are stacked in favor of well-known, larger companies, so small businesses have an even larger imperative to demonstrate trustworthiness to their customers. A study from the Ponemon Institute found that two-thirds of consumers who lost their personal information because of corporate error lost trust in the organization involved. As a result, almost a third of these consumers decided to terminate their business relationship. Remember that while your business itself can be a victim of cybercrime, so can your customers and clients. And once that business trust is lost, it is enormously difficult to regain.

 

Although the threats and risks can be worrisome, there is no reason to give up. Cybersecurity vendors have endpoint encryption products and other solutions that provide the needed support to small businesses just getting started in data protection. They can give you the tools you need to keep watch over your most important files, disks and drives and keep your company in compliance with data regulations.

 
