Posts Tagged ‘disaster planning’

Is Your Small Business at Risk of a Cyber Security Breach in 2015?

Wednesday, January 21st, 2015

Cyber security is a hot topic these days, and for a good reason. For years, customers provided personal and credit card data, with the assumption businesses would protect their information at all costs.

With data breach after data breach in 2014 and extensive coverage in the media, trust is at an all-time low. To an outsider, it may appear only large Fortune 500 businesses were affected, they typically receive a bulk of the media attention. However, according multiple studies, 50 – 70% of data breaches target small businesses. Certain small businesses are more likely to be affected than others, find out below if your business is at risk of a data breach.

1. You have Fortune 100 or 500 Clients

Target, one of the most well-known and widely covered data breaches, started with a medium sized business, Fazio Mechanical Services. A single contractor at the HVAC company was given access to temperatures at various stores, yet his username and password was also a path to Target’s central network. Once in, hackers installed malware, enabling them to steal the credit card numbers and personal information of 40 million consumers.

Many other recent attacks on retailers and big brands have played out with a small business being the first point of entry. If as a small business, you have access to much larger clients, you could be at risk of a data breach. Start by safeguarding your biggest clients first, test your existing security measures and look for vulnerabilities regularly.

2. You have access to Credit Card Data or Personal Information

The first example above, demonstrates that you don’t need credit card data or personal information for a data breach. Only access to larger fish is needed. But, having direct access to this information puts your business at greater risk. 96% of all data breaches target payment card data. Most cyber-attacks aren’t related to ego, but involve monetary transactions. Credit card and personal data is easily sold in black markets and provides an incentive for cyber criminals to target your small business

3. Your Business is part of a Growing Industry

If a cyber-criminal were to hack Google, it would likely involve infiltrating the hundreds of startups and companies Google acquires each year. If your company is in a growing industry, cyber criminals are more attracted to your business due to the possibility of being acquired or merged with a larger organization. Small and medium sized businesses operating in the healthcare, manufacturing and technology industries are at the highest risk.

In addition, these growing industries are often faced with inexperience in properly safeguarding customer data. The healthcare industry is estimated to be one of the largest sources of cyber-attacks in 2015, simply because many healthcare organizations have added a wealth of personal consumer data in recent years. Cyber-criminals are savvy and realize these industries are likely to be easy targets

4. Your IT Department or Employees Ignore Basic Security Measures

Compared to large corporations, security at small businesses is lax. Many of your employees likely enjoy working for you, avoiding the bureaucratic policies, employee handbooks and rule sheets that plague much larger organizations.

However, minimal security measures can’t be ignored. Research and multiple studies suggest small businesses aren’t just under-prepared for data breaches, they haven’t even begun.

  • 87% do not have a formal written security policy
  • 59% do not have a security incident response plan for a data breach
  • 50% of users still use poor passwords
  • 83% do not have a system to require employees to periodically change passwords


The statistics are sobering. Adopt basic security measures such as firewalls, anti-virus software and employee password programs. Put in place a disaster recovery plan and involve your IT department and outside experts. Determine your risk and liability for a data breach. Estimating the potential financial loss will help sell the importance of preparations that can start now, before the unexpected cyber-attack happens.