Why Your Small Business Is at Risk of a Hack Attack

In the wake of the Target and Neiman Marcus data breaches, startups and small businesses should realize they aren't immune.

learn more about Heesun Wee

By Heesun Wee

This story originally appeared on CNBC

The data breaches at Target and Neiman Marcus have expanded, as millions of consumers' personal information has been stolen. Large retailers naturally are paying more attention to securing data, but the threat may be heightened for small to midsized businesses.

Smaller ventures are particularly vulnerable because cybercriminals know they likely spend less to protect their digital information and infrastructure. Cheaper security measures also tend to be static, meaning those systems don't evolve to keep up with criminals' newest tricks.

It's not like small businesses haven't already felt the wrath of breaches before. Last year, 31 percent of all attacks were aimed at companies with less than 250 employees, according to Symantec's 2013 Internet Security Threat Report. Data breaches "already are happening among smaller employers. It's not happening with any lower frequency than the Targets you're reading about," said John Rose, a security expert and senior partner at The Boston Consulting Group.

"Security is a dynamic environment," said Pat Calhoun, senior vice president at McAfee, which is part of Intel and offers security solutions. "It's not just a single firewall and you leave it alone." Less ambitious, fixed security measures in turn attract cyberthieves because those stagnant systems allow criminals to more easily nab personal data--then slip away undetected for as long as possible.

So how can upstarts protect themselves against crime? A regular monitoring of online security is a start. Los Angeles-based Art of Tea is a tea importer and wholesaler with a staff of 25 in the U.S., plus additional support in Asia and India. The team includes two people who are dedicated to security as the bulk of its business is done online, said business owner and Chief Executive SteveSchwartz.

Art of Tea's online security system costs roughly $100 a month, plus an additional charge per online transaction, Schwartz said. The system alerts the small business when there's suspicious activity, just the way a consumer is alerted to an odd credit or debit card transaction.

Schwartz said security is a priority because cybercriminals don't discriminate based on business size. "We're just as sensitive and susceptible to what's happening with Neiman Marcus," he said.

Target and Neiman Marcus

Target on Dec. 19 confirmed about 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15 last year, according to a statement. But there was more. On Jan. 10, Target revealed the data breach was in fact larger. Now up to 70 million consumers have had their personal information stolen including names, mailing addresses, phone numbers or email addresses, according to a statement.

Neiman Marcus last Wednesday said cyberthieves could have attempted to steal data from up to 1.1 million customers from July 16, 2013, to Oct. 30, 2013, Neiman Marcus Group President Karen Katz said in a statement on its website.

A merchant processor in mid-December last year notified the Neiman Marcus Groupof potentially unauthorized payment card activity that occurred after customer purchases at the company's stores including Neiman Marcus and Last Call. There have been no reports of fraudulent activity after purchases at Bergdorf Goodman, a spokeswoman said in an email.

Cyberthieves holy grail

Security experts say pursuing malfeasance undetected for as long as possible is the holy grail among cyberthieves. "When cybercriminals are going after intellectual property and financial data, their goal is to extract data and to do it stealthily," said Calhoun of McAfee.

A white paper from McAfee last July noted attackers who masterminded a major cyberespionage case in South Korea had remained hidden for years prior to the attack last March. The criminals zeroed in on multiple targets including banks and news agencies.

But whether the target is multinationals or mom-and-pops, awareness about cybersecurity is the first step toward a solution.

Roughly 77 percent of small firms believe their company is safe from a cyberattack--even though 83 percent of those firms do not have a written security policy in place, according to the National Cyber Security Alliance and Symantec. And unlike larger firms that could absorb a data breach, the consequences can be much more catastrophic for a smaller venture.

Digital data stewards

Wary consumers, meanwhile, are thinking twice about that next card swipe, maybe even walking a few extra blocks to get cash from a trusted bank. So what's the net effect?

Going forward, the retail data breaches may trigger more public awareness and even activism about the Internet and related issues including the volume of accumulated personal data. Rebecca MacKinnon, an expert on global Internet policy, argues public awareness about Internet liberties will grow in the way once-fringe environmental concerns moved into the mainstream.

Other experts say the retail data breaches and broader concerns about digital privacy--including whose monitoring your email activity--are pushing consumers to place more importance on companies and brands that protect personal data. In other words, customers increasingly are shopping for products and services with an evolving checklist that includes price, product quality--and which company is going to protect your personal data.

And with the proliferation of mobile devices and e-commerce, companies large and small that don't rate high on data stewardship stand to lose business. Said Rose of The Boston Consulting Group, "What's at stake is you will switch retailers, you will switch banks, switch credit card providers."

Heesun Wee

Heesun Wee is an editor at CNBC.com.

Related Topics

Editor's Pick

Everyone Wants to Get Close to Their Favorite Artist. Here's the Technology Making It a Reality — But Better.
The Highest-Paid, Highest-Profile People in Every Field Know This Communication Strategy
After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.
Having Trouble Speaking Up in Meetings? Try This Strategy.
He Names Brands for Amazon, Meta and Forever 21, and Says This Is the Big Blank Space in the Naming Game

How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.

Business News

Would You Buy Maggie Murdaugh's Monogrammed Snake Print Pillows? Items From the Murdaugh Family Home Are Going Up for Auction

The sale comes just weeks after Alex Murdaugh was sentenced to two consecutive life terms for the June 2021 murders of his wife, Maggie Murdaugh, and son Paul Murdaugh.

Health & Wellness

3 Insights From the First Large-Scale Study on Burnout and Entrepreneurs

Researchers found autonomy and "psychological utility" are linked to happiness, while having a team increases your risk of burnout.

Business News

American Airlines Sued After Teen Dies of Heart Attack Onboard Flight to Miami

Kevin Greenridge was traveling from Honduras to Miami on June 4, 2022, on AA Flight 614 when he went into cardiac arrest and became unconscious mid-flight.

Business Culture

Connected for Success: 4 Crucial Values of an Interconnected Organizational Culture

This is why every company needs to foster an organizational culture driven by creativity, autonomy, and collaboration.