Cyberattacks—Huge Risk for Small Businesses


Massive data breaches at huge companies get most of the attention--keeping corporate boards and affected consumers up at night--but hacking attacks on small businesses can also cause nightmares and put the local restaurant chain or mom and pop shop out of business.

The massive Equifax data breach, which compromised the personal information of 143 million consumers, including Social Security numbers, driver’s license data, and birth dates, shows the devastating impact a cybersecurity incident can have on a company. Its stock took a nosedive as it saw reputational backlash from consumers and investors. Lawmakers, regulators, consumers, and class action attorneys are seeking further information on what caused the breach, the company’s response to the incident, and if there was a significant data security gap between what the credit reporting giant should have done to protect data and what it actually had in place. 

The pressure is now on large companies to secure sensitive corporate and consumer data before the next major cyberattack.

But, companies of all sizes need to make sure they keep up their cybersecurity protections. Small businesses may not hold the same treasure trove of data compared to behemoths such as Equifax, but they still offer a fruitful bounty for hacker’s hoping to gain a quick buck or craft their skills. 

Jason Hogg, CEO of Stroz Friedberg and leader of Aon Cyber Solutions in New York, told Bloomberg BNA that small businesses often don’t have “the subject matter experience” and technical know-how to architect and implement enhanced cybersecurity protections “to remediate intrusions quickly.” For a small business, a cyberattack is “usually a knock-out punch,” he said. 

However, small business cybersecurity risks aren’t lost on their owners. Ninety percent of small businesses believe that it is either “extremely important” or “important” to protect themselves from a cyberattack, according to a recent report by online small business broker BizBuySell. 

Cyberattacks—which generally take the form of malware, phishing schemes, and ransomware attacks—have pushed small businesses to up their cybersecurity game, according to the report.  Owners have taken measures into their own hands to protect their small business by downloading and patching antivirus software, securing Wi-Fi networks, bolstering internet firewall security, backing up sensitive and important data, and training employees on cybersecurity policies, the report said. 

Companies of all sizes need to conduct a “proactive review of their cybersecurity posture” to make sure their protections are up to date and “understand where mission critical data can reside,” Hogg said. 

Small businesses also should view their company “like a submarine,” Hogg said. Just as a submarine is divided into compartments that can be sealed off to limit a leak to one part of the vessel, companies can segment their computer systems. Company data security leaders should ask and be able to answer the question “is there adequate network segmentation?” so corrupted data can’t be spread around the company, Hogg said. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.