A Guide to Data Breaches for Small Businesses

No company wants to experience the horrors of a data breach, but these can have particularly devastating consequences for a small business that doesn’t have the resources to bounce back. In fact, 60 percent of small businesses fail within six months of a cyber attack. In order to protect yourself and your company, you need to know exactly what the risks are, what you can do to prevent them, and how you can recover.

Sources of Data Breaches

Data breaches can come from various sources. If you want to protect yourself against data breaches, you will need to put plans in place to prevent and combat each one of these.

» Hackers - When most people think of fraud and data breaches, their mind goes to the stereotype of the shady hacker, typing away in a dark basement. Hackers are not inherently bad or suspicious, but they do tend to be behind most cyber attacks.

» Current Employees - No one wants to think about their employees betraying them. However, while employees do sometimes willingly cause data breaches for financial gain or a sense of revenge, many times it's accidental. Employees are vulnerable to phishing, use weak passwords, and sometimes lose important information. In fact, employee negligence, not sabotage, is the main cause of data breaches.

» Past Employees - Past employees can cause data breaches either intentionally (by stealing data or giving away key information to a hacker) or unintentionally (by accidentally giving away such information to someone with bad intentions, or unknowingly taking company data home with them). In a 2017 survey, 20 percent of companies had experienced a data breach by an ex-employee.

» Anyone Else With Key Information - This includes friends and family members of employees, contractors, or anyone who could access sensitive information.

Sometimes, an attack or breach can be a combination of several of these factors. For instance, a hacker may be the one behind the attack, but they are using information carelessly shared by a current employee, or the culprit may be a former employee themselves.

Bear in mind that, according to the 2018 Data Breach Investigations Report by Verizon, 73 percent of cyber attacks were perpetrated by an outsider. This means the chances of one of your employees being behind the attack are low, but it’s not entirely impossible.

Types of Cyber Attack (and How to Prevent Them)

There are many ways that a cyber attacker could attempt a data breach on a small business. Each comes with its own complications and challenges, and many can cause other problems, such as incapacitating your service entirely.

» Social Engineering - Social engineering encompasses various types of attack that involve fraud and manipulation to obtain company data. This includes things like phishing (trying to get someone to click on a harmful link), ransomware (holding your data ransom), or lying to get someone to reveal security credentials. The experts at Digital Guardian offer some great advice on how you can prevent these types of attacks from affecting your business.

» Man in the Middle - A type of attack that essentially boils down to someone intercepting key information over a network. This can easily be used to steal data and, when carried out correctly, will probably not be noticed for a while. Encryption and authentication methods can be used to counter this, but hackers are always finding new ways to break encryption.

» SQL Injection - SQL stands for Structured Query Language, a language used to query and manage databases. SQL injection involves inserting malicious code into the queries your application sends to a database in order to extract, reveal, modify, delete or corrupt your data. Because many companies use SQL databases, this is one of the easiest and most common forms of attack. Protecting yourself against them involves some specific coding; you can find out more about it here.

» Cross-Site Scripting - This is another injection attack, but it’s one that targets your customers’ data rather than your company’s. This can destroy your reputation, as well as ruin the trust your customers place in you. This is most common on websites that encourage user content, such as social media platforms or pages with comment sections. A web application firewall is the best way to prevent this sort of attack.

» Password Cracking - We all know that secure passwords are important, but most of us are still guilty of poor password etiquette. Attackers can obtain passwords in a variety of ways, from brute force scripts to simply rummaging in office bins. In all cases, complex passwords are the first step, preferably ones created with a password generator.

Why Are Small Businesses Particularly Vulnerable?

Larger companies may have huge amounts of appealing data for hackers to steal, but they also have the resources to protect it extremely well. This doesn’t mean that data breaches don’t happen to large businesses, but it is much easier to attack a small one.

Overall, 43 percent of cyber attacks target small businesses, but 61 percent of small- to medium-sized businesses had experienced a cyber attack. Attacks on small businesses are on the rise, as hackers realize the potential for smaller attacks on more vulnerable companies.

The truth is that protecting yourself from a cyber attack or data breach costs a lot of money, and that’s money that most small businesses don’t have. You can practice common sense, hire reliable coders for your website, and train your staff to be IT-savvy, but aside from this, it’s mostly a matter of hoping you aren’t targeted by criminals. This is why you need to know how to recover if a data breach happens to you.

How to Recover from a Data Breach

As established previously, most small businesses struggle to recover. But that doesn’t mean that you can’t do anything. Here are the main steps you will have to take.

» Assemble a Team - Bring in any experts you can find or afford to investigate the breach. A data forensics team is desirable but often prohibitively expensive for a small business. Realistically speaking, for most small businesses, your “team” will be your IT team.

» Identify the Source - Find the source of the breach and the extent of it. If you have an Intrusion Detection System (IDS), this will be a lot easier.

» Damage Control - The exact nature of this will depend on the attack. If an employee account was used, block this right away. If your website has been compromised, shut it down to the public until you have dealt with it.

» Contact Authorities - Report the crime, being as helpful and compliant with their requests as possible. They may give you further instructions for limiting the damage and complying with post-breach regulations.

» Contact Affected Customers - Unfortunately, you can’t skip this part. Be upfront and honest with your customers and reassure them you are doing all you can. Let them know what information was compromised and what measures they may have to take to protect against fraud. The quicker you are, the better, and make sure the information reaches them by using several communication channels (email, text, phone call, etc.). This guide from CyberScout has some good advice on drafting this message.

» Implement New Security Measures - Reinforce security in any way you can, especially if the breach was due to human error. Re-train employees in cybersecurity measures and look into affordable security software for small businesses.

Data breaches can happen to anyone and are not necessarily your fault. The best you can do is prepare and prevent as much as you can, even if it's just by making sure your employees use strong passwords and know how to spot phishing attempts. If you do fall victim to an attack, react quickly and focus on keeping your customers and employees informed and satisfied throughout the process. Hopefully, you will be able to mitigate the damage and move on.

Author

Lindsey is the co-creator of Outbounding, which connects your organization with the publishers and webmasters who care about your vertical.
