How data breaches impact small businesses and their employees

Three people in an office looking at a computer monitor.

It’s always important for businesses to ensure their employees work securely, both at the office and at home, as cybercriminals continually look for ways to attack.
However, helping employees work safely while they’re remote is more critical than ever due to the impact of two trends—the dramatic increase of people working from home and the impact of data breaches, particularly the rise in data breach costs.

With more people working remotely, the internet-centric environments of offices and homes introduce a new set of security vulnerabilities. According to a report published by Malwarebytes, 20% of cybersecurity leaders say they’ve faced a security breach because of a remote worker.

Meanwhile, the cost of mitigating a data breach for small-to-medium-size businesses (SMBs) is far higher than most business leaders are aware of. According to AppRiver Software, $149,000 was the average cost of a data breach for an SMB in 2019. However, most SMB leaders estimate the cost of a data breach to be around $10,000. Only 19% of survey respondents acknowledged that costs could surpass $100,000.

Employees must be aware of the vulnerabilities for the safety of themselves and their company.

SMB cybersecurity and cyber resilience

There’s an idea within some SMBs that they’re too small to be attacked because there’s less value in their information—which is far from true. Small businesses are more likely to be targeted with a ransomware attack. According to Infrascale, 46% of all small businesses have been the targets of a ransomware attack. Of the companies hit with a ransomware attack, nearly three-quarters (73%) have paid a ransom.

SMBs find themselves ill-prepared to address cybersecurity issues

According to the National Small Business Association’s testimony before the U.S. Senate Committee on Small Business in March 2019, only 14% of small businesses rated their ability to mitigate cyber risk and vulnerabilities as useful.

In a study by the Cyber Readiness Institute (CRI), half of the small businesses interviewed expressed concerns over remote work leading to more cyberattacks. Only 22% of companies with less than 20 employees offered additional cybersecurity training before commencing remote work operations.

Shockingly, 28% of respondents admitted using personal devices for work-related activities more than their work-issued devices, creating a significant cybersecurity vulnerability.

Actions you can take

While there’s the impression that SMBs are too small to be attacked, not all business owners feel that way. According to a U.S. Senate Committee on Small Business testimony in March 2019, 62% of SMB owners expressed they’re concerned that their business could be vulnerable to a cyberattack, both in terms of being targeted by a cyberattack, as well as the potential for unnecessary regulatory burdens that could accompany efforts to stem online attacks.

To protect your and your customer’s data, businesses should:

  • Develop more robust security policies. The stronger the policies are, the harder it will be for a cyber attacker to strike.
  • Train employees on cybersecurity. Businesses should show their employees what to do, what to avoid, and what to look out for. Training can be tailored to the individual employees and their respective departments.

To protect your and your customer’s data, your employees should:

  • Update all of their software, including the operating system and applications. Keeping software updated reduces the likelihood of an attack.
  • Add a stronger passphrase to their home Wi-Fi and wired networks. A strong passphrase can be very difficult for a hacker to crack.
  • Keep their work passwords and personal passwords separate to reduce the risk of a credential-stuffing attack. Using the same password could result in a hacker being able to gain access to multiple accounts.
  • Add two-factor authentication (2FA or multi-factor authentication) to personal and business accounts where possible. This helps ensure any attempt to log into a protected account is you.
  • Not click on any links, open any attachments, or download any files from an email they’re not expecting. Consumers should go directly to the source to verify the validity of the message.
  • Data breach resources for SMBs

    Right now, it’s vital to focus on the impact of data breaches on SMBs and securing your employees. To access the latest data breach information, and learn more about the impact of data breaches, employees and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notified™. It’s updated daily and free to consumers.

    Bottom line

    You work hard to ensure your business runs smoothly—don’t let cyber threats tear it down. By keeping yourself and your employees on top of current cybersecurity tactics, you can help secure your data and prevent it from falling into the wrong hands.

Leave a Reply

Your email address will not be published. Required fields are marked *