Businesses face risk every day. Some businesses take a risk by allowing their customers to pay monthly or quarterly. Other businesses take risks by having their employees climb onto the top of a roof to repair damaged shingles. Other businesses take on risk in the form of storing sensitive financial information about their customers on their internal computer system. No matter what type of risk your business takes on most all businesses face the risk of a data breach. In many industries, a data breach is one of the most expensive mistakes a business can make. Far too many businesses think a data breach is something only a big business needs to worry about. Here are two examples of small business data breaches, three reasons why hackers are now targeting small businesses, and four ways to prevent hackers from targeting your business.
Here are some examples of small businesses being hacked.
At the time it happened the data breach that hit Target in 2013 was the second largest data breach ever. The Target Data Breach impacted more than 110 million people including more than 40 million credit and debit card numbers. The access point for this data breach was first sought through a small HVAC Company outside of Pittsburgh, PA. The HVAC Company first attacked was Fazio Mechanical Services. Cyber criminals accessed the internal computer systems of this business months before the Target Data Breach. It was not until they realized this HVAC Company worked on the HVAC Systems of a few Target locations throughout the area that the realized they could than access the internal systems of Target.
A few months after the Target Data Breach took place, Home Depot was hit in a similar fashion. In the case of Home Depot there was an outside vendor who provided the credit and debit card processing for their self-check-out registers. Like in the Target Data Breach, the business had been hacked for months before hackers realized this company could grant them access to the larger company Home Depot. The name of this third party was never released. Both of these examples show how much of a risk cyber security actually is for small businesses and demonstrate why small businesses are now an even greater target than many big businesses.
So why exactly are cyber criminals attacking small businesses?
Small Businesses Are Easier Targets
Because of the vast amount of data breaches that have occurred over the past five years, most enterprise level businesses are beginning to get their act together when it comes to cyber security. Because enterprise level businesses are more difficult to access, this leaves less places for cyber criminals to gain access to sensitive financial information. Far too many small business owners do not realize the risk they face no matter how small their business. Many business owners still have thoughts like: ‘I am just a small business, why would anyone bother to hack my business?’ or ‘I do not store much information about my customers. How valuable could that information be to cyber criminals?’. If these thoughts have ever creeped through your mind as a small business owner, you are the exact type of business hackers are looking to target.
Small Businesses Partner With Bigger Businesses
Many small businesses have partnerships with much bigger businesses. Whether that is like in the case of the HVAC Company with Target or any other type of partnership a business may have, these relationships can allow hackers access to these much bigger data bases. Many small businesses are not disclosed when a large breach occurs and it is usually because the smaller business is forced to close permanently as a result of the breach.
Laws Protecting Commercial Checking Accounts Are Weak
Cyber security laws are strict when it comes to peoples personal information, but the laws regarding business checking accounts are much less stringent. Banks typically have strong security measures in place and they can prove the breach was the fault of the business and not the financial institutions. With the onset of chip based credit and debit cards, this is not as much of an issue. These method of payment is much more secure than traditional swipe based transactions. Still far too many businesses do not offer the consumer the ability to use a chip based credit or debit transaction. When this is the case, the business is responsible for the loss and not the financial institution. This is an amount few enterprise businesses can afford, much less a small business. In today’s business environment, this is a decision that will bankrupt most small businesses.
What can small business owners do about data breaches?
Create A Culture Of Data Protection
Cyber Security is the responsibility of everyone within an organization. This responsibility should be made apparent to all employees as soon as they become a member of your staff. Talking about cyber security as you onboard employees and continuing to discuss this issue is the best way to ensure the safety of your business.
Train Employees Properly
It is important for you train your employees properly in order to secure your business from hackers. It is important to do this for all employees no matter what level they are entering your workforce. Some employees may be highly qualified to serve in their position and still be a weakness when it comes to cyber security. Give the employees concrete examples of good passwords and require them to reset them periodically. It is also a good idea to send out fake phishing emails from time to time and monitor if any employees click on anything in the email. This can tell you if your training methods are working.
Secure Proper Commercial Insurance
No matter what industry you operate in, accidents will eventually happen. If you stay in business long enough, chances are your business will face some form of data breach. Regardless of how big or small the threat is, the best way to defend your business from this threat is to secure proper insurance. There are two main types of Insurance that deal with data breaches. They are usually sold in tandem because if you need one you more than likely need the other. The first type of policy is Data Breach Insurance and it deals with the damages to you and your business. The second type of coverage is Cyber Liability and it deals with the liability a business faces to outside third parties who are damaged by a data breach. There are certain minimum requirements that you are legally obligated to provide to those damaged by a breach at your business. For most businesses this cost alone will sink their business without proper coverage. The next time you are looking for cheap general liability insurance small business, do not forget to speak long and honestly with your agent about whether you need cyber insurance as well.