Cyber Attacks Cause Big Effects on Small Business

The data breaches that we most often hear about affect larger companies and compromise millions of customers, such as the attacks against Target and eBay. Data possessed by small businesses can be just as valuable and, in some cases, much more so. Small business owners know that the impact of an embarrassing or costly data breach can mean potentially losing their livelihood and/or the entire business enterprise. The majority of cyber-attacks actually target small and medium-sized businesses because they are typically much more vulnerable than large enterprises, and the effects can be much more devastating. Firewalls, spam blockers and antivirus software are always recommended, but these do not always work to keep criminals out. “The Verizon 2013 Data Breach Investigations Report found that 62 percent of breaches impacted smaller organizations, and that number is likely conservative because it assumes an organization is even aware it has been breached” (CPA Practice Advisor). Small businesses that do not have the IT resources or expertise to implement and manage security systems are prime targets for cyber criminals, as they might not even be aware that an attack has taken place.

 Monitoring where files exist, how they move inside and outside the network is critical to immediately identifying an attack and preventing information loss. It is also recommended that every business, regardless of size, create a comprehensive security training program in place for employees. This would involve not leaving files open or unattended and shutting down all unsecured devices at the end of every day. It is a good idea to also classify employees based on what they can and cannot access on the company system, and keep files as restricted as possible. Additionally, employees should have a different and strong password for all accounts or services. Unfortunately, cyber-attacks can occur despite a business owner’s best efforts. But the effects can be limited by relying on a crisis management plan that centers on transparent communication between management, employees, stakeholders, customers, and anyone else who may be affected.