Hackers Actually Prefer Smaller Companies. Here's What You Should Do.
Some unsettling news came out of a report a few years ago on business data breaches (hack attacks where data is stolen).* The report analyzed the hackers and their business targets. Now, most people think that hackers primarily attack large companies, and that would seem to make sense for a couple of reasons:
- When hackers break into a large company's network, it makes headlines.
- Target, Home Depot and Sony have all been targets of major hack attacks.
With so much at stake, we all might assume that large companies have plenty of defenses in place against hackers. Some do, but in some instances that simply makes it a more tempting target for some hackers! However, others move on to simpler targets.
Or more accurately, smaller ones.
Thinking small. Tips for more security.
The above-mentioned report revealed that seven out of 10 online attacks are aimed at businesses with 100 employees or fewer. That's a bit of a surprise...but should it be? After all, what kind of anti-hacker strategies and forces can a small company muster on its own?
Remember, hackers primarily want to disrupt the status quo of an organization. If they can do that with a little effort against a smaller target, that might be worth it to them. That's not to say that small companies don't feel the effect of a hacker's attack. The report showed that a data breach, on average, costs small companies about $35,000.
Thinking and planning ahead.
If you run a small business, you need to come up with an anti-hack plan sooner than later. A few hours dedicated to your security could save you time, money and grief in the months and years ahead. You can beef up your security now with a few smart steps and make it harder for someone to penetrate your company's security network, business information and customer data.
Here is a simple guide to help you formulate a stronger security plan for your business:
- Create a security review team. You don't have to go it alone. Pull together those in your company who are responsible for your networks or managing data. They all have something at stake in the discussion. Look for the brightest minds in your company, not just the technical ones.
- See your business as a target. Climb into the shoes of a hacker or enemy and look at your company as the target. Ask everyone the following:
- Who would want to attack your company or see it fail?
- What company information is most valuable to hackers? Do you have trade secrets or highly sensitive information you need to protect?
- Another way to look at it is to ask what information is most valuable to you (as the owner or leader)?
- Are you a vendor with links to a larger company that could be a target? Explore those issues.
- What data would you least like exposed?
- Examine your hardware and software vulnerabilities. Hackers don't break down physical doors. They first look for network vulnerabilities and then exploit known or obvious weaknesses in software security. Many companies make improvements by using open-source code in their business applications that are extremely vulnerable. Make examining your application's source code a high priority.
- Work with security specialists if you need help. If you don't have the time or technical savvy to identify your network and software vulnerabilities, consider hiring an outside security software firm for help. (You may also want to train your IT manager in the latest security methods and have them coordinate the process.)
- Look into cyber insurance. Yes, there is such a thing. If you have cyber insurance and you experience a hack attack, your insurance could cover the following:
- Liability coverage for any exposed confidential information
- Costs incurred for informing your customers about the breach
- Credit-monitoring services for customers (if it makes sense for your business)
- Reimbursement for costs resulting from business interruption the attack caused
Note: Cyber insurance doesn't protect you or a third-party vendor from negligence or lack of due diligence. You have to do your part, which includes keeping your hardware and software up to date and applying all the latest security patches.
Prevention is the cure.
If you run a small company, the bad news is that hackers might target you one day and you might not have the budget a large corporation has to devote to network security.
But the good news is that your network is just a fraction of the size of those corporations...and that makes beefing up your security an attainable goal in terms of time, money and efficiency.
* 2012 Verizon Data Breach Report