It’s an exciting time to be a small business owner in the United States. According to recent data from financial information company Sageworks, businesses with less than $5 million in annual revenue experienced an average 7.8 percent annual sales growth last year.
Small business owners often enjoy having more autonomy over their career and taking a more involved role in setting standards for work-life balance, the hiring of employees, company culture and driving the overall mission of the company. And, with shows like ABC’s Shark Tank gaining popularity, the appeal of being an entrepreneur has reached new, mainstream heights.
While owning a small business has its perks, many small business owners are faced with tight budgets and find themselves stretched thin, performing many different tasks and earning the title of “Jack of all Trades.” When juggling company finances, recruitment and the other inevitable day-to-day demands of the business, cyber security often gets put on the back burner. At our identity protection and fraud detection company CSID, we’ve noticed this trend and for the past few years have conducted an annual survey to take the temperature on small business security in the United States. Are small businesses taking the necessary steps to defend against cyber attacks? The answer is “no.”
This is concerning because cyber criminals are catching on and targeting small businesses with increased frequency. Symantec’s 2016 Internet Security Threat Report revealed that 43 percent of all phishing attacks were targeted at small businesses in 2015, up almost 10 percent from 2014. The stat is especially alarming when comparing against a timeline of four years: in 2011, just 18 percent of attacks were targeted at small businesses.
While attackers do continue to target large enterprises more frequently, small businesses are proving to be an emerging gold mine as they store the same valuable information, but have fewer resources to defend themselves against threats. In our most recent survey, we found that despite the majority of small businesses reporting being concerned about cyber attacks, a third were not taking any proactive measures at all to mitigate cyber risks, and only 12 percent had a breach preparedness plan in place.
So, why aren’t small businesses taking any action? We found that there is a significant educational disconnect for small businesses when it comes to understanding the value of the data they store, and how vulnerable they really are. Our survey revealed that while the majority (58 percent) of small businesses don’t feel they store any valuable data, 68 percent store email addresses, 64 percent store phone numbers, and 54 percent store billing addresses. In my last piece, I shared how one email address allowed attackers to take down an entire small business within an hour.
Attacks on small businesses are showing no sign of slowing, so if you’re a small business owner, it’s important to understand the unique threats facing your business and take action to defend against cyber threats.
Awareness, education, monitoring and response, will all play a role in helping you safeguard your company information. There are a number of free, easily accessible resources, like the National Cyber Security Alliance and the Federal Communications Commission, for information on security best practices. Consider baking-in these best practices to your business plan and corporate cultures and invest in arming your employees with the information they need to play an active role in keeping the business secure. Enlisting the support of a third-party monitoring service to alert you of fraudulent activity can also help you stay one step ahead of cyber threats. And finally, have a response plan in place to minimize the damage of an attack and bounce back more quickly.
By being aware of the threats and taking the necessary steps to defend against attacks, you can go back to focusing on what’s most important: running your business.