You’ve been running a small consulting firm out of your home for the last five years. You have a few dozen clients, and store most of your information about them, including their payment information, on your computer. You worry about a lot of things, including growing your client base and keeping all of your plates spinning, but you aren’t all that worried about a hacker getting into your computer and stealing information. You’re small potatoes; those guys are far better off attacking the big guys, like banks and huge investment firms.
If you’re a small-business owner with that mindset, prepare yourself for a rude awakening: You are at risk for a targeted attack, and there’s a good chance that hackers are just as interested, if not more so, in you than they are a bigger business.
Small Business = Big Money?
Before you get the impression that hackers aren’t interested in large enterprises, you should know that certain organizations, such as financial services companies that handle millions of dollars in assets or technology firms developing the next greatest device, will always be a target for cybercriminals. The potential payday for hacking into a large bank’s database and accessing millions of dollars plus the personal information of customers — or for learning about the plans for a new wearable computing device — is simply too significant to ignore.
However, small businesses also have plenty to offer criminals as well. For example, if you supply products or services to a larger company, hackers may try to access your network as a means to find information or a way into the other company’s network. Perhaps have a portal into their supplier management system — with your username and password auto-filled on your computer — that allows a hacker to access that system and inject malicious code that then gives them more extensive access.
Or, perhaps you have payment information for your customers. A list of credit card numbers, Social Security numbers and other personal information can go for top dollar among cybercriminals; by some accounts a Social Security number with other personally identifiable information is worth up to $100 on the black market. If you’re storing that information, you’re valuable to a hacker.
It may not be the information you have that presents the only opportunity to a cybercriminal. Some experts point out that small businesses are more vulnerable to distributed denial-of-service (DDoS) attacks than larger businesses, often because their sites are hosted by large service providers and because they do not have the advanced network security features of a larger enterprise. In that case, you could be an innocent victim of a larger attack, or you could be the target. There have been reported cases of small businesses falling victim to DDoS attacks that were part of a plot to collect “ransom” for the site. In these attacks, a criminal knocks the site offline and then demands a large payment to restore it.
Why Small Businesses Are Vulnerable
Small businesses, because they don’t believe they hold the same value as larger companies, often do not have the same strict security measures as larger companies. They may install security software, but it’s not advanced enough to catch all of the potential threats and stop them.
This makes them more attractive targets to hackers, who may have more difficulty accessing better protected networks. Large corporations are aware of the laws regarding data protection, particularly financial and health-related data, and the consequences of failing to employ adequate network security systems from Trend Micro to protect that data. Smaller companies may be less aware of those laws or operating under the misguided impression they are immune from the most serious consequences of a data breach.
Small-business owners may also be less cognizant of behaviors that increase security risks, such as oversharing on social media. While social media is an important part of the security mix, revealing everything and anything on social media and not understanding the risks can leave you vulnerable to an attack.
Protecting Your Livelihood
The first step to a small business staying safe from cyber attack is to understand the risk. Realizing you are, in fact, a target of cybercriminals can go a long way to informing your behavior and the security measures you use. Installing adequate security measures that include real-time antivirus software, firewalls, advanced threat detection that uses deep discovery (read more about how deep discovery can help here)and encryption can keep your data safe.
Security is always a concern when it comes to your business, regardless of its size. Don’t let misconceptions about your value and a costly security breach keep your small business from reaching its full potential.