As a small business, you may feel that you are at less risk of a cybersecurity attack than larger businesses: that’s no longer so. In fact, the small business sector has become a tempting target for many a hacker. A study released by security company Symantec revealed that in only one year, the rate of data theft among small businesses rose 300% from 2011 to 2012.
If you think your data isn’t important enough to merit a full-scale protection plan, consider these surprising security risks you might not even know you’re taking.
Improper Client Data Protection
Even if your own small business’ data doesn’t seem impressive, a hacker might have an interest in breaching your system in order to use your business as a gateway to your clients. By infecting your network with malware, a hacker can use your small business as a clearing house to collect personal and transaction information each time you interact with a customer. This can include names, addresses, birthdate and bank information, as well as email addresses, credit card numbers, and account passwords. Improper network protection can, therefore, put the data of your customers at risk, as well as your own information.
Placing PII in Cloud Storage
Personally Identifiable Information, also known as PII, is information that directly or indirectly identifies the person to whom it belongs, and it’s usually that which cyber-thieves and hackers are after. It’s therefore the type of information that should be most well-protected and, despite being incredibly useful, the cloud is one of the least secure places to store PII. After all, the benefit of cloud storage is that it can be accessed by any computer, anywhere—even the hacker’s own if they know the username and password.
A Lack of Security Policy & Regulation
Since many small businesses don’t think their data is truly at risk of a cyberattack, this can lead them to put less priority on developing proper safety policies and regulating adherence to these rules. As always, the best offense is a good defense, and your best defense against information theft is to take preventative measures, including changing passwords regularly, running virus and malware checks, and encrypting delicate data. However, without creating a clear and specific security policy, it is harder to enforce safe security practices among your employees.
This is especially dangerous because the number one risk to your data security may be…
Human error accounts for 60% of cybersecurity risks for small businesses. Many employee habits, if unmonitored, can make your small business’ data more vulnerable. This includes accessing the business’ WiFi or documents from outside personal devices such as their cellphones, which may not be secured. Employees can also make it easier for a hacker to access your network if they: open suspicious emails or browse questionable websites, use easily-guessed passwords such as birthdays or pet names, and don’t change passwords or run malware checks regularly.
Want help identifying the gaps in your business’ armor? BuzzAGeek offers IT security reviews & audits to help you find the biggest risks to your private information. We can also help you develop a comprehensive information security protocol and educate you and your employees about the best way to protect your business. Contact us for more information today.