Data breaches at multinational corporations make headlines every few months. Cyber attackers seem to enjoy the challenge and big payoffs involved in hacking into large data files. But are smaller businesses also at risk?
Small Business Losses
The short answer is yes. According to a recent Kaspersky Lab report, 90 percent of businesses have faced security breaches, and 46 percent have lost sensitive data. These figures include both large “enterprise” operations and small or medium-sized businesses.
The report, which surveyed more than 5500 companies in 26 countries, determined that the average cost of recovery from an incident for a small or medium-sized business was $46,000. That figure includes $38,000 in direct losses, such as lost contracts and downtime, as well as $8,000 for indirect damages like upgrading infrastructure and training staff.
Why Small Business?
Is it hard to imagine that hackers would be interested in the data your small business collects and stores? Many owners and IT managers at smaller firms have a sense of immunity, believing that their business data isn’t a temptation alongside the data collections of much larger companies. Hackers prey on this false sense of security, targeting businesses that leave themselves vulnerable. Small companies are often innovators, so their intellectual property constitutes a temptation to hackers, too.
Most Prevalent Attacks
What are the biggest data breach threats to small businesses? The businesses that reported data loss in the Kaspersky survey overwhelmingly named malware and phishing as the most widespread attacks. Malware accounted for 24 percent of the attacks resulting in data loss, and phishing was responsible for another 10 percent, so the two combined represent more than one-third of the attacks that led to data loss. Other threats that each accounted for between 5 and 10 percent of data breaches include:
- Accidental sharing of data by staff
- Vulnerabilities/flaws in existing software
- Network intrusion/hacking
- Denial of service
- Loss/theft of mobile devices by staff
- Intentional leaks/sharing of data by staff
- Fraud by employees
Cyberespionage, targeted attacks, and other threats accounted for 4 percent or less of actual data loss incidents, according to the companies surveyed. So while your firm may not be large enough to attract those kinds of attacks, you could still be at risk.
Coping With an Attack
Security breaches have become so common that it’s vital to prepare yourself for a potential intrusion. You’ll need to react swiftly in the event your data is compromised, even before the details of the breach are fully understood. Your upper management and IT managers should make a plan for how you will handle the first hours and days after a suspected cyber attack and stand ready to protect your data, communicate with your customers, and handle the increased activity of your customer service team.
Protecting your small business is mostly a matter of understanding what the most common threats are, from within your operation as well as outside it, and keeping your defenses up to date. Crafting an incident response plan to follow in the event of a breach is also vital and will help guide you through the first hours and days after a data loss.