As if small business owner's don’t have enough to worry about, they also face a mostly hidden but powerful threat – cyber-attacks. Small businesses are reportedly being increasingly targeted by hackers and cyber-criminals intent on stealing bank account information and misusing customer, employee and vendor data. While many business owners and managers are rightly concerned about being victimized by embezzlement, check fraud and other common crimes, they may be unaware or not sufficiently prepared for another threat – hacking and cyber-crime. Cyber-criminals are looking for customer, employee or vendor data that can be used to generate significant profit and steep costs for their target victims – small businesses.
Small Businesses Are a Target
According to the 2011 Data Breach Investigations Report from Verizon, the U.S. Secret Service report and the Dutch Hi-tech Crime Unit, “small to medium-sized businesses represent prime attack targets for many hackers, who favor highly automated, repeatable attacks against these more vulnerable targets. They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations.” In 2010, the Identity Theft Resource Center identified 16 million data breaches, defined as an event in which an individual name plus Social Security number, driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format. There have been 12 million breaches so far in 2011.
Why Are Small Businesses Vulnerable?
Small businesses are at particular risk because they don’t have the protection many larger companies do, they have limited financial, IT resources and are too busy running the business to focus on data security and unaware of the consequences.
Most Companies Should Have Safeguards In Place
Virtually every company is at risk because every company collects and stores personal information including credit card, customer and employee data.
- Laws in most states require notification, which is costly and time-consuming
- Loss of customer trust
- Reputation damage
- Lost productivity
- Direct financial losses
Can the problem be solved?
Yes. According to the Verizon study, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action. That means 97 percent are avoidable.
The goal is a layered prevention/protection program that will ensure the financial health and stability of the company for the long term. In addition to employee education, a business’s action plan should include five key professionals – attorney, accountant, insurance agent, banker and IT specialist. Since small businesses are likely to have a relationship with all of these advisors, they may just need to add data breach and Cyber Theft to the conversation.
What Each Advisor Can Offer
- Attorney: Info about data breach laws and liability issues
- Accountant: A fraud risk assessment to determine internal and external fraud controls, policies and procedures
- Insurance agent: Risk management practices and data breach insurance coverage
- Banker: Utilize fraud prevention services such as Positive Pay if you issue checks and use dual control and a dedicated PC for online financial transactions
- IT professional: Find the vulnerabilities in your system and tell you how to guard against breaches
If you do not take action, your small businesses could be impacted by the lurking potential threat of cybercrime. To learn more about fraud awareness check www.cybercrime.gov or ask for the Webster Bank’s Fraud Awareness & Risk Management Checklist for businesses by sending an email to firstname.lastname@example.org.