
How to Avoid the Top Security Risks for Your Small Business

Protect your small business from cyber threats. Learn how hackers target your vulnerabilities and discover practical steps to avoid common mistakes and prevent costly data breaches.
Many consumers might remember Target’s 2013 data breach. This incident cost the company $250 million in damages after hackers managed to steal around 40 million customers’ credit and debit card numbers. But the true overall cost can be hard to measure when you consider the bad press, the drop in productivity caused by internal mayhem during the crisis, and the dip in consumer confidence, all of which likely contributed to Target’s swift drop in profit following the breach.
 
And if this happened to Target in 2013, which employed a full cybersecurity team, it can easily happen to small businesses with meager or nonexistent cybersecurity budgets today. Data security has also become increasingly important as recent events, like the COVID-19 global pandemic and the AI boom, have accelerated the shift toward digital platforms and e-commerce. With this shift, you’ll want to put even more time into protecting your business’ data and websites.
 
So, how can your small business protect itself without breaking the bank? It starts with identifying:
 
  • The most common cyber attacks on small businesses
  • Why small businesses are so often targeted
  • The common mistakes small businesses make

Why Small Businesses Are Hackers’ Favorite Targets

When it comes to poaching data, hackers tend to focus on easy prey: small businesses. Why? They often lack strong security measures and standards, likely because their teams are leaner and each person wears many hats. Most small business owners also don’t make it a priority to:
 
  • Regularly monitor server networks and data
  • Invest in an IT specialist
  • Ensure that they only operate on secure Wi-Fi
  • Learn about and train their employees on cybersecurity best practices
This may seem understandable, since many small business owners have a lot on their plate and tend to assume that getting hacked just won’t happen to them. But investing in data security is essential for small businesses. Most simply can’t afford to absorb the astronomical cost of a data breach in the way that a large enterprise like Target can.

Three Common Security Mistakes Small Business Owners Make

To keep your business’ data safe, it’s important to avoid these common mistakes:
 

1. Using Poor Password Standards

This is one of the top security mistakes small business owners make. Don’t be lazy about your password standards if you’d rather not join the ranks of small businesses that get hacked. The following password standards don’t yield strong enough passwords to withstand a password attack:
 
  • Fewer than eight characters
  • No mix of uppercase and lowercase letters, numbers, and special symbols
  • Allowing the use of one password for multiple platforms and applications
And that’s just when it comes to the content of the passwords themselves. You should also regularly change all passwords and consider using two-factor authentication (where more than a user name plus password is required) for added security.
 

2. Lacking a Clear BYOD (Bring Your Own Device) Policy

Allowing employees to use their own electronic and mobile devices does have benefits. They’re comfortable using them, so they’re more efficient and productive, and it likely saves you overhead cost.
 
But your BYOD policy should include:
 
  • IT support
  • Encrypted data options
  • When and where employee-owned devices can be used for work
If your policy doesn’t include these elements or if your policy just plain doesn’t exist, you’ll leave your business wide open to data breaches.
 

3. Trusting Public Wi-Fi

While waiting for a client at your local coffee shop, it’s tempting to hop onto the free Wi-Fi and get some work done, but be wary. Hackers often set up their own Wi-Fi hotspots, giving them sneaky names similar to where they are (for example, Pete’s Coffee – Guest). When unwitting Wi-Fi users join these poser networks, hackers can easily gain access to their devices. And, even if you do land on the right network, public Wi-Fi offers little to no real security from savvy hackers.

Four Common Cyber Attacks on Small Businesses

Did you know that the average cost of a malicious insider attack was $4.9 million USD in 2024? Small businesses are often the target of malicious attacks. It’s important to stay diligent and protect your business. Here are the most common types of attacks on small businesses.
 

1. Malware

Malware is a broad term for malicious software that’s designed to gain access or cause damage to a device, typically with the purpose of stealing data such as personal information and credit card numbers. There are several types of malware small business owners should know about: adware, spyware, and Trojan horses.
 

2. Password Attacks

When a hacker learns your password(s), they gain access to all your information. Hackers can get an unknowing user’s password in several ways, including “brute force attacks” during which specially designed programs generate and try every possible combination of letters, symbols, and numbers. Using a 10-character password of upper and lowercase letters can slow down these programs, since it can take more than 100 years to land on the right one, so consider using longer, more complex passwords.
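
The password standards listed earlier and the brute-force estimate above can be checked together. The following is an added example, not part of the original article: it audits a set of accounts for the three weak standards and shows how the "more than 100 years" figure depends on the guess rate. The account names, passwords, function names and guess rates are all assumptions made for illustration.

```python
import string
from collections import defaultdict

SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASSES = {  # character classes named in the password standards above
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def years_to_exhaust(password, guesses_per_second):
    """Worst-case years to try every password of this length and character pool.
    guesses_per_second is an assumption; the article does not state a rate."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return pool ** len(password) / guesses_per_second / SECONDS_PER_YEAR

def audit(accounts):
    """accounts maps platform -> password; returns platform -> list of findings."""
    platforms_by_password = defaultdict(list)
    for platform, password in accounts.items():
        platforms_by_password[password].append(platform)
    report = {}
    for platform, password in accounts.items():
        findings = []
        if len(password) < 8:
            findings.append("shorter than eight characters")
        missing = [name for name, chars in CLASSES.items()
                   if not any(c in chars for c in password)]
        if missing:
            findings.append("no " + ", ".join(missing))
        shared = [p for p in platforms_by_password[password] if p != platform]
        if shared:
            findings.append("reused on " + ", ".join(shared))
        report[platform] = findings
    return report

# Constructed sample data, not real credentials.
SAMPLE = {"email": "Summer24", "bank": "Summer24",
          "pos": "abc123", "payroll": "T7#rq!Lm2x"}

if __name__ == "__main__":
    for platform, findings in audit(SAMPLE).items():
        print(platform, "->", findings or "ok")
    for rate in (1e6, 1e10):  # assumed guess rates, slow vs. fast attacker
        print(f"{rate:.0e}/s: {years_to_exhaust('AbCdEfGhIj', rate):,.1f} years")
```

With these assumed rates, the same 10-character mixed-case password holds for thousands of years at one million guesses per second but for under a year at ten billion, which is why length, character variety and two-factor authentication matter together.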
 

3. Phishing

Hackers use this technique to trick people into willingly handing over their information, from passwords, to credit card numbers, to Social Security numbers. Typically, hackers pose as a reputable source via email or text, asking their victim to follow a link and, for a seemingly important reason, provide key information.
 
In fact, Gmail blocks more than 100 million phishing emails a day. And recently, Google has blocked more than 18 million daily malware and phishing emails related to COVID-19. On top of this, it’s also important to remember that phishing scams aren’t always digital. They can also be over the phone.
 

4. Pharming

In a pharming attack, hackers compromise the naming system in a server so they can make users think they’re accessing legitimate sites when they’re actually being redirected to fraudulent ones. Once on the fraudulent site, users are prompted to provide sensitive data such as credit card information or Social Security numbers.


Brought to you by The Hartford. The content displayed is for information only and does not constitute an endorsement by, or represent the view of, The Hartford.
 
The Small Business Insights Center is a small business information blog site from The Hartford. We may receive compensation from companies we endorse on our blog. Any company we affiliate with has been fully reviewed and selected for their quality of service or product. If you're interested in learning specifically which companies we receive compensation from, you can check out our Affiliates Page.
 
Information and links from this article are provided for your convenience only. Neither references to third parties, nor the provision of any link imply an endorsement or association between The Hartford and the third party or non-Hartford site, respectively. The Hartford is not responsible for and makes no representation or warranty regarding the contents, completeness, accuracy or security of any material within this article or on such sites. Your use of information and access to such non-Hartford sites is at your own risk. You should always consult a professional.