Equifax had a massive breach today potentially affecting over 143 million people. Your birth date, Social Security number, address, and driver's license number may be making its way to the Dark Web this moment.
You are a hacker's target. Let that sink in for a minute. You, yes even you, are not immune from hackers. No matter what you are doing, where you are working, what hobbies you have, or how much money you have or don't have - hackers are after you.
They know all about your poor password habits, how to get you to click on things you shouldn't be clicking on, and on which site everyone in your office reads the morning news.
There are many different types of cyber attacks.
Internal incidents are often overlooked, but they account for about 10% of data breaches and 43% of data losses as of 2015. These are often attacks where an insider gains trust and thereby access to systems - often known as espionage.
A more common type of insider threat comes from accidents. When people lose their cell phones or laptops or they are stolen from locations that were thought to be secure, thieves can use these devices to gain access to valuable records.
In 2015, nearly half of all identities stolen were accessed in this way.
More often, however, threats come from the outside. When you click on a phishing message, 91% of the time attacks will begin in under two minutes.
Spear-phishing targets people within organizations who may have higher levels of access than the average employee. Another growing area of cyber attacks is ransomware.
Ransomware takes vital information hostage and allows cyber criminals to retain control of the information until a ransom is paid, and even then there's no guarantee they will return your information. This is a growing cause of business disruption.
Small businesses have the most to lose
Large businesses experience cyber attacks, but they are often better equipped to handle it. Small businesses, on the other hand, often do not have the personnel needed to fend off and detect attacks, lack the resources to clean them up when they do happen, and can't weather the reputational hits that come from them. Small businesses:
- Experience a larger financial impact from cyber attacks.
- Are less likely to have measures in place to prevent attacks.
- Are unlikely to change security measures after a successful attack.
- Experience 43% of spear-phishing attacks.
- Often go out of business within six months of a successful cyber attack.
- Can spend on average $50k to clean up a data breach - more than most small businesses have to begin with.
Retail isn't the only sector hackers target
We often hear about retail data breaches that compromise consumer data at the point of sale. Target, Home Depot, Taco Bell, and more have had high-profile data breaches that affected millions of consumers and their credit card information.
But retail was only responsible for 1.3% of the identities exposed last year, whereas services were responsible for more than 90% of identities exposed. Services also account for almost 45% of data breaches, while finance and real estate account for 22% of data breaches and manufacturing accounts for 11% of data breaches.
Surprised? The most costly data breaches often don't even make a blip on the news because they often don't directly affect consumers.
How can small businesses protect themselves?
Small businesses don't often have large budgets for information security, though these days you certainly need the same level of information security as larger corporations. Practicing good password hygiene and only giving employees access to what they need are some simple steps you can take to safeguard your company's information. Maintaining equipment and programs and installing updates frequently can keep most low-level cyber attacks at bay.
Developing a BYOD, or bring your own device, policy can also help employees recognize the crucial role they play in preventing cyber attacks.
But it's also ok to contract out for information security. Remember that you can't do it all yourself, and it's ok to ask for help. Talk to the professionals. Have a security audit done by the experts to expose any weak spots. There are plenty of options out there for small businesses that want to do better with their security.
NaaS, or network as a service, providers can also help out with security concerns by bundling security measures into cloud-based network services.
Knowing there is a threat is the first step, and taking that threat seriously is the next. After all, can your business really afford to take the hit?
Learn more about preventing data breaches from this infographic from CBTS.