Small Businesses and Data Breaches - The Threat Is Real
Updated: October 02, 2019
Data breaches are a real threat for businesses, regardless of their size.
Data breaches have become more frequent over the past years, and all businesses, both big and small, are exposed to the risk.
The worst part about data breaches for small businesses is that they don't have the same resources as big companies to deal with a security breach and the losses can be devastating.
Knowing what data breaches are and how they occur is the first step to protecting your small business against such an attack.
Cyberattacks are the actions deployed by cybercriminals with the goal of damaging a computer system, network, or device or stealing pieces of software, business secrets or private information stored on the business' network. These attacks can be done through several methods such as phishing emails, viruses, malware, ransomware or DoS attacks.
A data breach is one of the possible outcomes of a cyberattack. It's an incident in which third parties gain unauthorized access to a system to steal information. This information can include customer information, credit card details, usernames and passwords, social security numbers, and so on.
Data breaches commonly happen through:
- Exploits - Cybercriminals exploit the vulnerabilities and bugs of a computer system to gain unauthorized access.
- Spyware - Cybercriminals infect the system with this type of malware which collects private data and sends it to the attackers.
- Phishing - Cybercriminals use this social engineering technique to trick employees into providing personal information, including usernames and passwords.
- SQL injections - Attackers exploit security vulnerabilities by injecting malicious code to gain control of the database server behind a web application.
To give you a little perspective on how common data breaches are, consider these statistics:
- 1091 data breaches were reported in 2016
- 1597 data breaches were reported in 2017
- 1232 data breaches were reported in 2018
Even though the number of data breaches seems to have decreased in 2018, the number of compromised records increased by 133%. On top of that, only 47% of companies publicly disclose data leaks, and it can take years for a company to notice its system has been breached.
Over the years, big companies have been victims of data breaches. A few examples are Heartland Payment Systems, RSA, Yahoo, Adobe Systems, eBay, Quora, and even Facebook (does the Cambridge Analytica scandal ring a bell?). These attacks resulted in users' information being leaked, in some cases including identifiable information and credit card details.
But even if you usually hear about the big companies being victims, it doesn't mean small businesses are immune to data breaches.
According to Smallbiztrends:
- 43% of cyberattacks target small businesses.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyber attack.
Other research (https://www.thesslstore.com/blog/15-small-business-cyber-security-statistics-that-you-need-to-know/) shows that:
- The rate of cybercriminals targeting small businesses rose to 425% in 2018 compared to the previous year.
- Over 80% of small businesses can't afford to recover from a data breach.
- 1 in 323 emails sent to small businesses is malicious, and employees of small businesses are more likely to be hit by email threats than those in large organizations.
- 60% of data breaches happen due to employee negligence, while only 37% happen due to external threats.
Most think that their business is too small to be targeted by cyberattacks when, in fact, they are more likely to become targets for cybercriminals. That's because limited funds mean fewer IT security specialists to handle the networks and systems, and a lack of employee training on risks and prevention measures.
If you're still not taking data breaches as a serious threat, let's take a look at what a data breach can mean for your small business.
- Financial impact - After a data breach, the business has to invest a lot of money into damage control. If money has been stolen, the company must pay it back. There will be fines to pay. The business must pay for protection so it doesn't happen again in the future. It can also involve paying for sustained system outages, downtime, and even lawsuits. The average global cost of a data breach is $3.86 million, meaning $148 per stolen record.
- Damaged reputation - Data breaches have a massive negative impact on a business's reputation, especially if the breach involved leaking customers' private data. Customers will lose confidence in the business because the exposure of their sensitive information puts them at risk of identity theft.
- Legal liability - As a business, you are bound by laws that require you to strongly protect customers' data. If you fail to secure this sensitive data, there's a risk of lawsuits. For example, TalkTalk was fined twice because of data breaches, with the fines reaching $120.000 and $400.000, and these numbers are from before the implementation of GDPR.
- Affected productivity - A data breach incident means dealing with the attack. This includes contacting vendors, associates, and affected customers, restoring data, taking measures to close the vulnerabilities, going through litigation, and many more time-consuming tasks.
- Hiring outside help - Most small businesses don't have the in-house resources to deal with a data breach, which means they have to bring in outside help from IT experts, resulting in even more expenses.
Data breaches are often hard to identify, as cybercriminals carefully design these attacks to be stealthy, hiding in systems for long periods of time. It can take more than 200 days for a business to realize it has been attacked.
You can only defend yourself against a data breach if you act in time. The longer the attack goes unnoticed, the more information cybercriminals can steal.
These are some signs that should trigger warning bells:
- The network performance decreases unexpectedly
- Devices and apps behaving suspiciously
- The antivirus software is disabled and can't be turned on
- Employees' access to accounts is cut off
- You can't implement updates
- Unusual changes to critical files
- Suspicious outbound traffic
If you notice any of these changes, you must act quickly to confirm whether the system has been hacked so you can contain the damage.
Implementing attack detection strategies will also prevent cyberattacks from going unnoticed.
Don't ignore important alerts - With modern network systems, it's fairly easy for important alerts to be ignored because a huge number of notices pop up all the time. To make sure your team doesn't overlook alerts from true threats, you can turn off the ones that are not essential.
Actively check the firewall - Many security breaches occur by exploiting the vulnerabilities of the security systems. Make sure the network administrator is actively checking for open ports so they know where an attack would most likely take place. If they know where the weak spots are, they'll be able to react in time if an attack is launched.
Have a clear system structure - In an attack, cybercriminals go for the places where important files are stored. Your team should know the system structure well so they can respond quickly.
Actively learn about cyber threats - One of the reasons data breaches go unnoticed until a third party makes them public is that many businesses don't take an interest in cybersecurity. Instead, they wait for software developers to give them news and reports. If you don't want to be one of the businesses that's clueless about a cyberattack taking place in their realm, you must take the initiative to learn about hacking attacks, collaborate with cybersecurity experts, and keep your team updated on modern threats.
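As an added illustration of the "checking for open ports" advice above (example code written for this page, not taken from any tool it mentions), the script below compares a host's listening TCP sockets against an approved baseline. It assumes Linux `ss -H -tln` output; the sample lines and the `APPROVED_PORTS` baseline are constructed for the example.

```python
import ipaddress

# Constructed sample in the format of `ss -H -tln` on Linux (not from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3389 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
"""

# Hypothetical baseline: the only ports this business has approved for exposure.
APPROVED_PORTS = {22, 443}


def parse_listeners(ss_output):
    """Return (address, port) for each listening TCP socket in the output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if port.isdigit():
            listeners.append(("0.0.0.0" if addr == "*" else addr, int(port)))
    return listeners


def unexpected_exposed(listeners, approved):
    """Sorted ports reachable from the network that are not in the baseline."""
    findings = set()
    for addr, port in listeners:
        try:
            local_only = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            local_only = False  # unparseable address: treat as exposed
        if not local_only and port not in approved:
            findings.add(port)
    return sorted(findings)


if __name__ == "__main__":
    for port in unexpected_exposed(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED_PORTS):
        print(f"ALERT: port {port} is listening on a network interface but is not approved")
```

Run on a schedule against real `ss` output, a non-empty result is a prompt to find out which service opened the port and whether the firewall should be blocking it.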
Data breaches are a real threat in the modern world, and cyberattackers have a lot to gain from stealing private information such as customers' sensitive data.
Even though most might consider their business too small to be targeted by a cyberattack, the security landscape shows that small businesses are in fact more likely to be victims of data breaches, and are also more likely to go out of business after such an attack.
It's important for companies to be aware of the threats so they know how to protect themselves against data breaches, and to take preventive measures such as regularly checking and cleaning their online environment, monitoring network activity so they can detect unusual behavior, and creating strategies for threat-hunting.
For the fight against data breaches to be effective, businesses must also turn to modern data breach detection tools and stay up to date on evolving threats and measures.