October is National Cyber Security Awareness Month. With several data breaches occurring in recent weeks, including Experian and the Trump Hotel Collection, it’s time for business owners to take their small business data seriously, says Erik Knight, a cyber technology expert and CEO of SimpleWan, a provider of cloud-based security routers. “Don’t assume you’re too small for data breaches to happen to you or your clients.”
Surveys show that the average business is unaware and unprepared that it’s being hit with more than 10,000 attempted intrusions on small businesses a day, and the number of these attacks are growing. Sunday at 3 am is reportedly the biggest attack time of the week. “When a data breach does occur, it can take months to discover it. The days of small businesses not taking data breaches seriously are over. If a small business has an ‘it can’t happen to me approach,’ I guarantee they are a target for a cyber threat,” adds Knight.
In addition to an increase in the volume of hacking, scams are becoming much more sophisticated, and the landscape is changing regarding culpability. The government is starting to hold businesses responsible for protecting customer privacy. Effective on Oct. 1, new liability rules specify that businesses that do not upgrade their credit card equipment so that it can read EMV chip-enabled cards will be liable for fraudulent activity and security breaches.
According to the research firm the Ponemon Institute, 43% of businesses worldwide had a data breach in 2014 and most didn’t know they have been breached. Yet, small businesses’ static firewalls stay the same, while cyber attackers are staying abreast of the latest technology. Roughly 66% of small businesses say they aren’t concerned with hackers and 47% believe a data breach would have no impact on their business. In reality, 71% of data breaches target small businesses and 69% of cyber attacks target retail and restaurants. What’s more, 96% of data breaches target payment card data and 60% of small businesses close within six months of experiencing a data breach.
So how can businesses protect themselves? Knight suggests the following seven tips:
- Use Common Sense: Never use any default passwords
- Don’t buy over the counter products and just plug them in
- Get a professional. A tech savvy teen down street doesn’t cut it anymore
- Don’t give in to the ‘ease of use’ argument by letting C-level security take over
- Don’t host your website, e-mail or servers at your office anymore
- Network, diagram, and label everything
- Buy a monitored firewall service