It can be tempting to think that data breaches only happen to Fortune 500 companies or global corporations. Switch on the news and you’ll hear about cyber attacks on household names. 2020 has already seen the likes of Twitter, Zoom, Nintendo and EasyJet falling prey to hackers.
But does this paint the full picture? And is it only large, well-known corporations being targeted?Definitely not.
While large companies might make the headlines, small and mid-sized businesses are being impacted just as badly. According to the Verizon Data Breach Investigations Report, as many as 43% of all breaches occurred at small businesses. And data from a 2019 study by Keeper Security and the Ponemon Institute shows that the number of small and medium-sized businesses experiencing data breaches increased to 63% in 2019. This was an increase from 58% in 2018 and 54% in 2017, respectively.
A recent Magecart attack, CardBleed, affected over 3000 stores. But again, it’s important to note that this affected a variety of stores across industries—not just the big, household names.
Want to learn more about Magecart attacks? Then get up to speed with our recent article here!
So, just because these attacks aren’t hitting the front pages doesn’t mean that small businesses are immune to the disastrous effects of data breaches.
Cybersecurity threats for small businesses
The sad truth is that small businesses are often easy pickings for hackers. Small businesses typically don’t have sufficient budgets to protect against every type of attack. Or they may just feel that they need minimum protection given their size. Certainly compared to multinational corporations, security spending at small businesses is likely to be less. Plus, there may simply be an attitude of, “It won’t happen to us” or “It only happens to large companies”.
But in this day and age—with breaches increasing—the later type of thinking is dangerous.
Smaller businesses are particularly vulnerable for a number of reasons:
- Many keep hold of customers’ sensitive information, that could be used for data theft.
- They may store their customers’ payment information—a goldmine for hackers.
- They may process financial transactions, which is an opportunity for stealing data.
- Some may have valuable intellectual property, worth more than customer information.
Cybersecurity Best Practices
Now we know the security threats to small business, how can you mitigate them?
It all starts with strategy and culture. Yes, there are tools to protect you, but for these to succeed, you need organisational coherency in your attitude towards cybersecurity.
Investing in cybersecurity isn’t just a case of completing some exercises, ticking the boxes and then forgetting about it. You need to develop a security-focused culture from the top to bottom that has buy-in from all employees.
The potential effects of a breach can be disastrous for any business. As such, cybersecurity must be ingrained as a high priority principle from the start. Your employees should be encouraged and incentivised to follow security protocols rather than being scared and fearful of doing something wrong.
Developing a culture of cybersecurity is an ongoing process and something you can sustain through regular meet-ups, open discussions and having structures in place so that employees can easily ask security-related questions. Proactivity is what will help develop and nurture a strong cybersecurity culture—not just treating it as an afterthought.
Like any business priority, a solid cybersecurity framework isn’t achieved in a day. You’ll need to map out a strategy over time to reach your security goals.
This will likely require, in the first instance, a governance framework from which to build. Having a clearly defined understanding of roles, responsibilities and chain of management will allow you to plan your cybersecurity efforts more effectively. The job of this framework is to develop a long-term, strategic response to cybersecurity that drives your business’s response. The strategy should cover such things as security policies, technical tools, audits and assessments.
With this framework in place, you’ll have the oversight to ensure that security risks are lessened and that controls are implemented to prevent attacks. Appropriate governance ensures that your security strategies are aligned with business objectives and consistent with external regulations.
The final, and perhaps most important step is your people. Your cybersecurity policies are only as strong as the people carrying them out daily. For that reason, you must invest time and money in security awareness training to keep employees engaged and knowledgeable on all aspects of cybersecurity.
An increasing number of breaches are due to human error, so it’s crucial that employee training is a continual, long-term effort—not just one-off exercise.
You can also get more insight around cyber-security and common myths around it from our Overview of cybersecurity infographics.
Tools to protect your business
Your strategy, culture and people will go a long way in protecting your business against security threats. But given the inventiveness of today’s hacks, investing in the latest technology to secure your business is a must.
A multi-layered security approach will give your business the greatest protection, making it harder for attackers to attack your systems. Some common tools to protect your business include:
- Web application firewall
- Content delivery network (CDN) to protect against distributed denial-of-service attacks
- Intrusion detection system
- Log manager system
- Vulnerability scanning assessment
- Weak password detection
- Security reporting dashboards
- Data breach monitoring (learn more about our innovative data breach tool here)
But as we’ve seen, even the world’s largest businesses (with the largest security budgets) get hit by data breaches. That’s why it’s important to implement a suite of cutting-edge tools while simultaneously promoting a culture of cybersecurity amongst your employees. It’s this holistic approach to cybersecurity that will yield the largest benefits and protect your business.
Vaimo Data Breach Monitoring
Vaimo’s Data Breach Monitoring tool helps to significantly reduce risks, protect your customer data and avoid damage to your business reputation. This monitoring tool can detect when your site has been compromised and immediately alerts Vaimo and yourself to take appropriate action. Speak to our dedicated Data Breach Monitoring team today to hear about implementing the tool on your site.