The belief that small businesses face less risk from hackers is not only false but dangerous, according to Kaspersky Lab, the world’s largest privately-held vendor of endpoint protection solutions. Cyber-criminals often target small businesses expressly because small businesses generally pay insufficient attention to data protection.
Adding more complexity, these businesses increasingly are allowing employees to use personal devices on the company network. In 2014, 64 percent of companies permitted such use, according to a Kaspersky survey. Other top priorities for security at small companies are customers’ personal information (25 percent), payment requisites (13 percent) and trade secrets (12 percent), the survey added.
Despite these diversified data sets, small businesses skimp on security, installing basic protection systems, such as free anti-malware products.
Konstantin Voronkov, head of endpoint product management at Kaspersky Lab, explains: “Being small doesn’t mean [you are] less noticeable by cyber-criminals. It’s very important for businesses to pay more attention to ensuring their cyber-security.”
In fact, online security for small businesses was debated in Congress last week, the Washington Post reported. And the gist is that small business owners should make every effort to protect themselves in today’s rapidly changing digital environment.
Under consideration is legislation designed to “better shield corporations and governments from cyber-criminals,” though “some experts worry the bills wouldn’t go far enough to protect and educate small businesses.”
“It would be a step in the right direction, but not a panacea,” Todd McCracken, president of the National Small Business Association, said during a House Small Business Committee hearing. He added, “Cyber-security has emerged as a significant problem and concern for the small-business community. Sharing cyber-security information is useful, but what small businesses really need is to know how to use that information.”
McCracken’s position is that government efforts to stop cyber-attacks should include a more prominent move to help small businesses better detect and handle hacker attacks. Cyber criminals know small businesses “are ill-prepared to defend themselves.”
“There needs to be an education component to all this,” Dan Berger, president of the National Association of Federal Credit Unions based in Arlington, Va., said during the hearing. His group has long called for a national set of data security standards for retailers and merchants, which would give business owners clear direction for how to store and protect their information, as well as uniform guidelines for responding to a data breach.
Added Jane LeClair, chief operating officer at the National Cybersecurity Institute at Excelsior College in Washington, D.C.: “Often, small businesses don’t even know they have been attacked until it is too late.” LeClair later pointed to surveys showing that most small companies that fall victim to a serious cyber-attack don’t recover; 60 percent of them go out of business.