There was no shortage of high publicity data breaches at major American companies in 2018. Combing the headlines, you see classic American companies like Sears, Macy’s, and Kmart victimized by hackers. However, how likely do you think it is that these companies will go bankrupt because of these hacks? For major retailers and well established brands, business as usual tends to resume rather quickly after even major hacks. This is because these companies tend to be insured against this sort of thing. Likewise, credit card companies tend to bear the brunt of the expense from hacks, as credit card numbers are typically the hackers’ targets.
The story for small businesses, however, is not quite as rosy. Consider that after being victimized by a major data breach, 60% of small businesses will have closed within six months. They simply don’t have the resources, time, or brand equity to sustain the damage that hackers inflict and shake it off like major companies do. No wonder, as the Ponemon Institute estimates that the average cost to a small businesses suffering a major hack is $600,000. Because of this, security is arguably an even bigger concern to small businesses than it is to large ones.
Cybersecurity: Small and Large
The cybersecurity threat is even more severe for small businesses than it is for big, for the simple reason that small companies are often much softer targets. While not all hacks result in actual losses for the company, experts estimate that half of the 28 million small businesses in America have been compromised by hackers in some way. Network security is a lot like the old joke about two campers when a bear approaches, they don’t have to outrun the bear, just each other. The slowest one gets eaten. The softest target gets hacked. For this simple reason, small businesses need to approach their network security as a large company would. Assuming you’re too small to get noticed is exactly the wrong idea.
However, this risk has yet to set in. A 2017 study conducted by CNBC found that only 2% of small business owners see network breaches as a major threat facing their company. It’s easy for large businesses to recognize the risks, especially because they will be in the news if they suffer an attack, but small business owners get caught up on more immediate concerns like making payroll and growing their business. This is understandable, but ultimately dangerous.
Small businesses also tend not to have as extensive or systematic of protections as large businesses do. This does not mean that they are completely vulnerable, but there is often a way for hackers to find an opening. Both small and large businesses need enterprise level IT security for this reason. While there are plenty of helpful guides for implementing such intensive security in your organization, the important thing to remember is that the money is well spent. For small businesses, IT security is not only a matter of insurance for their organization, it is also the only way to continue maintaining business day to day business operations. Consider Google, which is now ramping up encryption and security requirements for sites that it indexes. Failing to invest in the proper security measures will result in penalties from Google. For small and big business alike, network security is simply a cost of doing business now and needs to be seen as such.
Staying Safe
In many ways security requirements are the same regardless of organizational size. The matter is one more of scale than actual difference. However, for small businesses, the security threat is ever present and existential. Since most small businesses lack the resources to recover from such an attack, they must prevent it. There is no other option, as failing to do so is more likely than not to result in closure.
The good news is as a leader of a small business, you can take steps today to create a security conscious culture that will keep your business safe. The most straightforward way to this is by impressing upon your employees the breadth of the threat. Sharing these statistics and warning them about hackers, while teaching them the threat of phishing and ransomware is half the battle. Before spending any money, you can make your business safer just by encouraging employees to think about security. After all, their jobs depend on it!
