On the heels of Heartbleed and under the still-looming shadow of many large consumer data breaches, the landscape of cyber security (long quietly shifting unseen and underfoot) is now creating waves in the tech and consumer fields. This leaves many people wondering – how vulnerable are small businesses and what can be done to protect them?
Small businesses are not immune from being targeted by “nefarious actors.” In fact, of 400 small businesses surveyed by Nominet, 77% reported at least one cyber security incident, with one in five reporting a loss of revenue as a result. According to Symantec, cyber-attacks rose 300 percent from 2011 to 2012. Cyber thieves prefer to target private devices, terminals and point-of-sale (“POS” or “checkout”) systems — which often have vulnerable piecemeal security protocols cobbled together over time as needed — as they are easier to infiltrate than the comprehensive security infrastructures of banks.
The true cost of a breach in your cyber security infrastructure is untold. From calculable hard monetary losses to your business (or even your customers) to possible irreparable damages to your reputation and customer loyalty, there’s no way to tell just how severely a crack in your security will fracture your business. Just ask Target, whose massive data breach (the largest ever recorded!) resulted in BrandIndex consumer perception plummeting over forty points in a single week. That’s on top of the three class-action lawsuits, investigations by the U.S. Department of Justice and U.S. Secret Service, and quite a few disgruntled customers’ Facebook posts.
Tech holes can be patched, but money lost can’t be. The techniques used by cyber criminals run the gamut from exploiting weakly secured wireless systems, installing trojans on networks through malware-laden emails, phishing and social engineering to — in the case of the Target credit card breach — uploading data harvesting tools to POS systems. Without a comprehensive cyber security system in place, you expose both your business and your customers.
When it comes to your business accounts, unlike personal bank accounts, by law the FDIC does not insure small business funds against cyber theft. There are even instances of small businesses having to close up shop after they could not recoup the funds siphoned by cyber criminals who gained a point of access into their accounts through holey security systems.
But don’t panic! There are things you can do to protect your business and customers:
- Don’t use the same password across your accounts and make sure the passwords you do use are secure. This means no using common passwords, your darling pet’s name or anything else that can be reasonably guessed (this is doubly true if your dog’s name is ‘123password’).
- Update your software and invest in merchant credit card processing to ensure secure point-of-sale systems.
- Read up on cyber security sites like CyberStreet and be aware of current cyber security trends, threats and risks.
- Educate your employees on how to ensure your sensitive data is protected. This includes making sure there are protocols for spotting, reporting and investigating sketchy emails, creating strong passwords, and not divulging sensitive information to unauthorized individuals, websites, or otherwise.
Remember, tech security applications can only protect you as long as you and your employees are vigilant. Just like a home security system only protects your belongings if you turn your locks and close your windows, a tech barrier only protects your sensitive data if you remain aware and don’t do things like download fishy attachments (or phish-y, as it were) and invite all the thieves in through the front door. “[Cyber security],” says cyber security expert Peter Singer, “is everyone’s responsibility to know, and everyone’s responsibility to understand…”