There appears to be a new breach reported almost every week. Two data breaches of major financials institutions had over 200 million records exposed over the last couple of years. These companies that were breached had extensive security teams, yet still fell victim to massive data breaches.
Smaller businesses face similar threats and are often without security teams focused on their defense. If this is true for your business, don’t panic. Instead, start by identifying your critical data assets that would be valuable to attackers. Focusing on what data your business collects and holds, that may be of interest to hackers, is a good start to developing a plan and implementing security controls to protect the data and your business.
Get the guide on how PEOs work for small businesses.
Know Your Value - Because the Hackers Do
A common misconception is that small businesses don’t have anything worth stealing. This is incorrect. No matter how small your business is, you have to know that you have immense value. Almost every business has at least some data asset that can be used to benefit hackers.
As a business owner you have something to protect. Even if you have data that you don’t consider valuable, realize that your brand’s reputation matters. One consequence of a security breach is a damaged reputation, which could ultimately hinder growth. Brand damage can lead to customers, clients, and partners feeling unsafe using your services, which would be a major loss for your company. Failure to identify and protect your company’s valuable assets can make it easier for hackers to access data.
Why Hackers Go For Small Businesses
Data is constantly being bought and sold. One goal for attackers is to steal and monetize data by selling it on the dark web. This stolen data can also be used for other attacks where the attacker will try and use that stolen data to appear more credible. Such data can range from social security numbers to even something as simple as the first and last names of clients. The reality is that there is a market for sensitive information and even data that might not be considered sensitive can be of value. All the information a company has just becomes a piece of the puzzle for the hacker to use.
The reality is that there is a market for stolen sensitive information, and even data that might not be considered sensitive can still be valuable.
Hackers want to do the least amount of work possible to achieve their goals, so naturally the perception of small businesses having less security could make them more of a target. For example, if a hacker wants to target a major financial institution and they’re having a hard time getting what they want, they could target other small businesses that are vendors for the major financial institution. Hackers could go after the small business in this instance because the small business holds data on behalf of the larger institution and could be an easier environment to breach.
Think about the kinds of customer data a vendor might collect, process, or hold on behalf of their customers. If hackers can breach the vendor, then that customer data could potentially be compromised. Many smaller businesses take for granted the information they have. This could often result in not implementing adequate security measures to protect that data.
Be Aware of the Different Forms of Attack
Now that you know the data that your small business holds is valuable, the next steps are to learn about some common attacker techniques and most importantly to formulate a strategy to defend your data and small business.
Email phishing is the most commonly used form of attack today. Security training for your employees continues to be an effective way to create awareness and prevent employees from clicking on malicious links and attachments. Business Email Compromise (BEC) attacks are also on the rise. These are attempts by hackers to disguise themselves as someone else. They could disguise themselves as someone at your company, as vendors you work with, or as customers by using a similar email or compromised email to get funds wired or take other unauthorized action that benefits the attacker. When it comes to email, it’s always best to check where the email is coming from, and never click on links or open attachments unless you are sure the sender is legitimate. Using two-factor authentication and strong passwords are some of the ways to protect your business.
Ransomware has become a popular attack technique for hackers and they appear to be finding a lot of success using it. A number of businesses, governments, hospitals and non profits across the United States have fallen victim to ransomware attacks in the last couple of years.
This attacker technique involves delivering malware to the victim’s system(s) that encrypts data on those systems. Attackers then demand a ransom in order to decrypt the data and threaten to destroy the data if their ransom demands are not met. One way to protect yourself from ransomware is to have all your data backed up and maintain an offline copy of your backups. Having antivirus and antimalware protection in place is also an important step toward protecting your company from ransomware and other malware. Following up with a security strategy and plan can be a great way to protect your data and safeguard your business.
Knowing the value of your data and ways hackers try to compromise it are great first steps. It’s important to remember that just because you’re a small company doesn’t mean you're defenseless. Having the knowledge on how these breaches happen is important and can ultimately be a key step for the safety of your business.
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, legal or tax advice. If you have any legal or tax questions regarding this content or related issues, then you should consult with your professional legal or tax advisor.