Your business isn’t large enough to attract cybercriminals, right?
Wrong.
Small business cybercrime is a growing concern among both business professionals and consumers who provide their personal information to these organizations.
Despite their size, small businesses hold a plethora of both company and customer personal information. And, since these smaller companies work with smaller budgets, and limited or outsourced IT security groups that collect customer information, they are more likely to experience a security breach. This often leads to identity theft and fraud against the small business or its customers. In a criminal’s point of view, breaching a smaller business’s network is easier, less expensive and will be harder for an organization to detect — allowing them to maximize on their investment
Symantec’s 2015 Internet Threat Report found that 60 percent of cyberattacks occurred in small and midsized enterprises, which has doubled from 31 percent since 2012. Many small business owners may think that their businesses stay under the radar, as criminals would rather spend their time going after larger companies with larger payouts.
However, many criminals target these organizations because smaller companies are more likely to have simplistic or non-existent security measures in place. As a result, small business cybercrime is just plain easier for criminals who may be attempting to access sensitive data.
The Guardian reported that almost 90 percent of small and midsized enterprises do not implement data protection for business and customer personal information.
Why might that be? Typically, smaller businesses boast smaller incomes. According to the Global State of Information Security Survey 2015, smaller businesses (with annual revenues of $100 million or less) made budget cuts in their security departments by 20 percent in 2014. On the other hand, larger companies (with annual revenues between $100 million and $999 million) increased their security investments by 5 percent. In general, the more monetarily valuable the company, the more it spends on its security.
Even though small businesses are easier to access, criminals still have their eyes on the prize: larger corporations with a larger volume of data. Smaller businesses are more likely to be vendors or distributors for larger companies and can act as a door into a larger company’s network.
However, CEO of Global Cyber Risk Jody Westby notes that the size of the business is not the main issue; it’s more about the type of data that the business collects. The combination of low security and a pool of customers’ personal information can make small business cybercrime especially damaging.
Cybercriminals do not care who they attack. They often perform automated attacks on small businesses because it simply requires less effort. But there are a number of barriers small business owners can enact to ensure the security or their confidential business data.
10 Ways to Foil Small Business Cybercrime
- Encrypt your wireless network
- Install a firewall, anti-virus software, anti-phishing software (typically included in anti-virus) and anti-spyware software.
- Keep all software up to date
- Prohibit “Bring Your Own Device” (BYOD)
- Remove or disable USB ports
- Implement strict password policies
- Keep your Point of Sale system (POS) on a closed network
- Restrict physical access to devices containing sensitive materials
- Hire a reputable Point of Sale provider (POS)
- Educate your staff on cyber security and small business crime
For more information on stopping small business cybercrime, please visit FightingIdentityCrimes.com.