Corporate data breaches are nearly a daily occurrence, and it’s not only the largest, most visible companies that are exposed to the risk. Often, data vulnerabilities can stem from relationships that companies have with vendors, suppliers, partners, and other third parties. Small- and Medium-sized Businesses (SMBs) are especially vulnerable to data theft. They typically have fewer resources, lack a security infrastructure, or don’t think they are as exposed to the risk of breaches as larger organizations.
Whether targeted for their own data, or as a backdoor channel to a larger partner or client, cyberthieves often set their sights on SMBs for easy access. In fact, 58% of malware attack victims are SMBs, and almost two-thirds of all cyberattacks are directed at small businesses. The threat perimeter expands significantly when factoring in the number of other organizations that an SMBs valuable customer or financial data may flow through. Although 56% of data breaches were linked to third-party attacks in recent years, some 67% of companies don’t inventory their vendors or what information they are accessing, according to Ponemon Institute research.
Business Data Lives in Many Places
With the proliferation of SaaS and cloud-based data storage systems, it is very likely that critical data about your company sits in multiple locations with numerous access points. Every business partner keeps records of their interactions with your organization, and every firm with whom you send or receive electronic payments may have access to your financial data. How safe are their data practices? Do you know the data security policies of the businesses to which you make payments? Every time your company electronically files taxes or processes payroll potentially exposes your business and your employees to potential theft of personally identifiable information (PII). How is this information processed and stored by the partners you work with? These are all data weaknesses every small business must consider in today’s digital world.
Cybercriminals Prey on Small Businesses
Small businesses may think they fly under the radar of cybercriminals. But 47% of all SMBs reported experiencing at least one cyberattack in the previous 12-month period, according to a Hiscox Small Business Cyber Risk Report. SMBs are often a gateway to larger enterprises, making them attractive targets. Remember that Target was breached in 2013 through its third-party supplier network when cybercriminals infiltrated a small HVAC subcontractor to get to its data.
Tips to Alleviate Business Risk
SMBs often lack the time, money and expertise to detect and repel cyber threats. Still, to mitigate the risk of data theft, there are a number of baseline measures you can take:
- Educate employees. Show them how to recognize potential threats and how to react to them. Reinforce this knowledge with regular updates, particularly when new cyberthreats are identified.
- Harden your networks, especially for mobile. Threats to mobile devices may include rogue applications, spyware, and unsecured Wi-Fi connections, and even fake networks. Employee mobile devices used for work purposes are easy targets for cyberthieves, creating numerous gateways into your network.
- Deploy enterprise data encryption tools. Encryption should not be limited to in-use data, but also to data at rest and in motion.
- Develop a Data Breach Response Plan. An effective plan should draw guidance from knowledgeable security professionals, following best practices and prevention tips to protect against a data breach or identity theft incident.
Continue following Fighting Identity Crimes for the latest breach and scam updates, ID protection news and tips from our industry experts.
Follow us on social!
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.