The continuing mess with Target over last year’s data theft involving card swipe terminals has made me think twice when swiping my credit card just about anywhere. But what choice is there? We have become a nearly cashless society. I’ve even heard people having competitions about who can go the longest without ever visiting an ATM. So we just swipe away, holding our collective breath and hoping that nobody is lurking to steal our identity or drain our bank account.
To be sure, the issues at Target have heightened awareness of the problem among major retailers and banks, all of which seem to be scrambling to buttress their security and demonstrate to customers how safe their networks are. But what about small businesses? Aren’t they just as likely to be hacked? Or are small businesses such small potatoes for criminals that they don’t need to worry as much about data security? I did some research and found what I thought was a surprising answer.
Separate studies last year by Verizon and cybersecurity firm Symantec show that small businesses are in fact the most common target of cyber criminals. And not only are they the most common target, but they often have the most to lose, with limited financial ability to weather a major hack that impacts their customers and damages their reputation. Then there’s the incredible drain on staff productivity as teams of people with full-time day jobs have to take on the herculean task of compliance with data breach notification provisions, which vary from state to state. Major insurance companies such as AIG now offer cyber risk coverage, which can alleviate some of the financial burden and provide much-needed expertise to deal with compliance issues and claim processing.
One more particularly troubling notion for small business owners is that hackers will often use their companies as a gateway to hacking large companies, simply because they are easier to breach with less sophisticated systems, and the larger companies may not have as much security in place over networks connecting with vendors. Then not only do you have to deal with your own data breach, but you probably also just lost one of your biggest customers because it blames you for the security breach. Thankfully, many financial service providers in the credit card business are offering free tips on best practice, like this one from Visa, which gives excellent counsel on how to improve your data integrity by following a few simple but important steps.
There’s no end to the potential damage cyber risk poses, and the common theme for businesses – large or small – is that it’s just like the old adage in bull riding: it’s not a matter of if you’ll get hurt (or hacked), it’s when and how bad.