Are small businesses under increasing risk of cyber-attacks?

cyberWhen it comes to cyber-security, high-visibility data breaches get all the press, which is understandable.

But small businesses are also victims of cyber-attacks.  And sometimes those events can be financially devastating.

Now a newly published survey quantifies the extent to which small businesses are at risk.  The National Small Business Association polled nearly 850 U.S. small business owners (most with annual revenues between $500,000 and $25 million) in August 2013).  The NSBA survey found that nearly 45% of the respondents’ businesses had been the victim of cyber attacks such as malware, spyware or banking Trojans.

The average cost of these cyber attacks was reportedly nearly $9,000 – with some dollar amounts going much higher.

Separately, another study shows that a record number of cyber attacks targeted small businesses in 2012.  Verizon’s Data Breach Investigations Report examined 855 data breaches and found that over 70% of them involved victim companies with fewer than 100 employees.

Verizon’s 2013 report is showing a continuing increase in cyber attacks on small business, meaning that 2012 was no fluke.

What’s going on here?

According to the Verizon study’s conclusions as well as comments from security experts like Vikas Bhatia, small and medium-sized businesses could be doing a better job of “offensive defense.”

Among the mistakes commonly observed in small businesses are these:

  • Lack of conducting regular backups of business data
  • Neglecting to store backed up data offsite
  • Failing to test data restore functions on a periodic basis
  • Neglecting to keep antivirus software up to date, including software patches and updates
  • Practicing sloppy password protection behaviors (using plain-language passwords … using identical passwords across multiple accounts, etc.)
  • Not understanding cloud-based data storage and what outsourced providers’ liabilities are (and are not) for protecting data

There’s no question that cyber-security continues to be a big challenge – and probably a growing one – for many companies.

But it’s also pretty evident that many businesses could be doing more to protect themselves from the heartburn (and financial fallout) along the way.