Small businesses, more than any other identifiable group, need someone to help guide them through assessing their data risks, securing their companies’ data, taking the necessary measures to protect against those risks, and coordinating a proper response in the event of a breach. This is the message that can be taken from a blog by Robert Siciliano entitled Hackers Targeting Small Businesses that was recently posted at Infosec Island.
According to Siciliano,
“With smaller businesses, however, victims are often left in the dark, regardless of the various state laws requiring notification.
One reason for this is that smaller businesses tend not to keep customer names and contact information on file, and credit card companies discourage them from recording credit card data.
This is serious cause for concern. The Wall Street Journal reports that the majority of breaches impact small businesses:
‘With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.’”
Don’t be left confused and wondering what to do when your business gets hit with a data breach. And, the odds are it will be. Plan ahead now. Give me a call and let’s talk about how to assess and prepare for these issues before you have a crisis situation so I can help you minimize the chance that you will have one. The costs of addressing these issues proactively is a lot less than if you have not prepared and have a data breach crisis situation.
Related articles
- Data-Breach Insurance Caters to Small Businesses (pcworld.com)
- 1 In 3 Massachusetts Residents Experienced Data Breach In 2011 (teamshatter.com)
- 2.1 million users’ data breached in Massachusetts (eset.com)
- Cyber Attacks on Small Businesses Increase (mysolidcompany.wordpress.com)
A point of real concern is a small business that hires a larger vendor – like the firm I used to work for. At one time, we had a number of small in-mall chain stores, while also processing for large clients like Tandy/Radio Shack. If someone could hack in through the local small chain store, they could conceivably get access to data, not only for all members of that chain, but to other larger companies we also handled. (We did close that loophole before any damage was done, but we were vulnerable for several months.)
I realise you are primarily aiming at single store operations, though. A large problem with them is the burgeoning of the Internet for EVERYTHING. I’ve seen a clerk at a small store shrink the window for the sales application and pull up Google maps to direct you elsewhere after the sale, or to sign onto another company’s website to check if the part you’re looking for is available elsewhere. That is VERY common in smaller-town areas like SE Ohio where I am – especially in less-than-computer-literate Amish stores! (Yes, Amish use computers and cell phones – if I ever do start a blog, one of my first posts will be “The Myth Of Amish Technophobia”.)