It may come as a surprise to many, but the source of most small business data breaches – about 80 percent – come from employees who either violate protocol or misuse their access privileges and use company computers for personal use. More than one of the data breaches that have made the news involve an employee who opens an attachment in an email which then opens the door for hackers. Because small businesses are usually fairly informal when it comes to employee behavior and computer security, they are at a greater risk for a hack attack.
Small businesses are always having to juggle capital in order to keep the lights on, which can sometimes make it tricky to find the money to pay for expansion. When the decision needs to be made how to allocate financial resources, computer security often takes a back seat. One reason for the thinking is that “it happens to the other guy.” This is not faulty thinking as much as it is the company not being on the radar as much as bigger companies. If you have not heard of Crooks Clothing in the small town of Clarion, Pennsylvania, then the point is made. Why would a hacker who is looking to make a significant amount of money target this small business in a small town? Yet as the bigger targets ramp up their security, smaller businesses will be next in line.
This does not have as much to do with the “it happens to the other guy” attitude as it does with believing that basic computer and network security is sufficient for the current demand. The attitude ends up being contagious and spreads throughout the company to the aforementioned employees who adopt the thinking that using the system for personal use is an understood benefit as long as it does not impact their productivity. When a small business puts its computer security on a lower priority echelon than sales, the possibility of a compromised system increases.
Under the Radar
Because small businesses are small, they generally do not attract as much media attention when a data breach occurs than a well-known company such as Target or Sony. Should a breach occur, it will likely not become a public issue, especially if no customer data have been compromised. But with the emphasis on customer data, it can be overlooked that a company’s financial data is also a critical factor with the issue of data security. Client data, as opposed to customer data, can provide a competitor with valuable information and directly contribute to a loss in sales. If there is one database that is critical to the success of a small business it is their client contact list.
The natural question to ask is why small businesses do not take the threat of hacking more seriously. Cost and attitude are two reasons, but perhaps the greatest reason is the fact they are small. Serious hackers cannot be bothered with the simple security measures of a small business because where is the challenge? The overall assets and valuable data in a small businesses’ system is not great. The thinking that the time for computer security to be taken seriously will be when there is sufficient growth to justify spending financial resources on security. A problem with the thinking is that the lack of security may be the one factor that will prevent the company from continual growth.