For the Average Hacker, Your Small Business Is an Ideal Target

You're not too big to be hacked. Here's how to avoid becoming a statistic.

learn more about Jon Schram

By Jon Schram

South_agency | Getty Images

Opinions expressed by Entrepreneur contributors are their own.

Headlines are full of cybersecurity breaches, and big businesses like Google and Facebook are some of the latest to fall victim to outside attacks. A vulnerability in Google+ is at least partially responsible for the company's decision to shut down the platform for good, and a recent breach of Facebook's network security may have compromised the personal information of almost 50 million users.

Of course, for such enormous companies, a breach is an embarrassing blip on the radar. Google is mostly terminating its social platform because no one uses it (the company reported that 90 percent of user sessions last less than five seconds), and the even the notorious Cambridge Analytica scandal cost Facebook a mere $644,000 in fines imposed by British regulators -- peanuts for a company bringing in almost $100,000 in revenue every minute. But what would a $600,000 fine do to your small businesses?

Related: The Dos and Don'ts of Cyber Security Measures to Help You Protect Your Business and Assets

Face it: Small businesses like yours lack the resources to make data breaches disappear. Not only can fines and fees put you out of business, but the loss in customer trust after a breach can lead to increased levels of churn that you aren't prepared to handle. According to the National Cyber Security Alliance, 60 percent of small businesses are forced to close their doors less than six months after a cyberattack. To protect your business and prevent it from becoming another statistic, follow these four steps:

1. Recognize that you're a target.

Many small business owners enjoy a false sense of security, assuming they're too small to attract the attention of hackers. The problem is, hackers are no longer an elite few. The dark web -- the area of the internet accessible only through special software such as the Tor browser -- has made powerful hacking tools available to anyone with a few hundred dollars and a few hours to spare. According to Verizon's 2018 Data Breach Investigations Report, small businesses account for 58 percent of malware attack victims. And the Ponemon Institute found in its 2017 State of Cybersecurity in Small & Medium-Sized Businesses report that cyberattacks on small businesses have increased in recent years, affecting 61 percent of SMBs in 2017, up from 55 percent in 2016.

While it might be more difficult for these hackers to break into the network of a financial institution or a large tech company, it's easy for them to attack small businesses with ransomware or steal customer information and sell it on the dark web. You might not have been in danger when hacking required rare skills, but in the current climate you're the ideal target, so recognize that you should prepare accordingly.

Related: Here's Why Companies Can't Dismiss the Rising Need for Cyber Security

2. Do your due diligence in security practices.

When it comes to data breaches, it's more a question of "when" than "if," because attempts to compromise your systems cost hackers virtually nothing and all it takes for them to strike it rich is one successful effort against a lucrative target. With 86 percent of North American chief information security officers describing data breaches as "inevitable," according to a Kaspersky Lab survey, you should expect to be hacked at some point. Therefore, you should have a system in place to deal with the consequences of that attack quickly and effectively in order to safeguard your business and your customers. Part of surviving an attack is your business's story of effort: You want to demonstrate that you had the appropriate protections in place.

Implement a password policy and a security monitoring policy, perform firewall updates, conduct regular penetration testing and create an incident response plan. Nothing will protect you completely, but you can still institute some practical measures that are affordable for even small businesses. If you can show customers you were actively taking measures to protect them, they will be far more understanding in the event of a breach. But if your cybersecurity strategy involves crossing your fingers and hoping for the best, they'll abandon you in droves -- and rightfully so.

3. Train your employees continuously.

Even if you lived in a perfect world and had a fortune to spend on sophisticated cyber-defense systems, your data still wouldn't be totally protected. Even big corporations with massive cybersecurity budgets get hacked because their employees are human and therefore prone to making mistakes and being fooled.

Your employees are the most vulnerable part of your business from a cybersecurity standpoint, so train them to be more vigilant, especially around more common internal sources of security breaches such as email. Teach employees to recognize phishing attempts and more sophisticated spear-phishing emails and to delete any messages they have any doubts about. Set times for them to update their web browsers and operating systems in order to maintain the latest security software. To help minimize their odds of failure, invest in a good spam filter. According to Webroot's SMB Cybersecurity Preparedness report published in June, nearly all businesses train employees on cybersecurity best practices, but fewer than half maintain that training continuously, which leaves room for error. Education on security practices must extend to all employees and must be ongoing in order to be effective.

Related: 5 Cybersecurity Tools Your Company Should Have

4. Use systems that are easy and ongoing.

In Webroot's survey of 600 IT decision makers at SMBs in the Australia, the U.S. and the U.K., only about one-fifth said their businesses were ready to manage IT threats by themselves. Running a small business is highly demanding, so implementing cybersecurity measures in-house often proves to be too much work on top of that.

So many SMBs find that the best course of action is hiring a third party to regularly audit their defenses and conduct training, freeing up any in-house IT or tech talent to create new solutions for the business. Having professionals conduct training and ensure the system's security on an ongoing basis gives many businesses the peace of mind that they are proactively protecting customers' data. Because every business transaction is built on a foundation of trust, this investment in security is seen as money well-spent.

With security breaches occurring in every major industry on what feels like a daily basis, it's possible to become desensitized to the severe consequences of a breach. As a small business owner, it's important for you to realize that your business lacks the ability to recover from a breach in the way that larger corporations can. To protect yourself, follow the above steps and establish a capable line of defense. When the target is on your business's back, you'll be glad you did.

Jon Schram

Founder and CEO of The Purple Guys

Jon Schram is a husband, father, entrepreneur and founder and CEO of The Purple Guys, a Midwest-based information technology support company.

Related Topics

Editor's Pick

Everyone Wants to Get Close to Their Favorite Artist. Here's the Technology Making It a Reality — But Better.
The Highest-Paid, Highest-Profile People in Every Field Know This Communication Strategy
After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.
Having Trouble Speaking Up in Meetings? Try This Strategy.
He Names Brands for Amazon, Meta and Forever 21, and Says This Is the Big Blank Space in the Naming Game
Business News

These Are the Most and Least Affordable Places to Retire in The U.S.

The Northeast and West Coast are the least affordable, while areas in the Mountain State region tend to be ideal for retirees on a budget.

Thought Leaders

The Collapse of Credit Suisse: A Cautionary Tale of Resistance to Hybrid Work

This cautionary tale serves as a reminder for business leaders to adapt to the changing world of work and prioritize their workforce's needs and preferences.

Business Solutions

Learn to Build a ChatGPT Bot for Only $30

If you want to see what AI can do for your business, grab this course bundle today.

Health & Wellness

5 Essential Steps to Expand Your Vision and Start Living Your Dream Life

It's time to break free from your comfort zone and expand your vision. When you refuse to settle for a mediocre life, you can start building a life you love.

Business News

I'm a Former Google Recruiter. Here's How to Land a Job in Tech — and What Can Blow Your Interview

A former Google recruiter says layoffs may be trendy, but tech workers are always needed. Here's how to land a job at a major tech company.

Business News

The 'Airbnbust' Proves the Wild West Days of Online Vacation Rentals Are Over

Airbnb recently reported that 2022 was its first profitable year ever. But the deluge of new listings foreshadowed an inevitable correction.