Why are SMEs more susceptible to data breaches?

Posted in Apps and mobile devices.

Cyber attacks and data breaches can happen to any business, of any size, operating within any industry. However, security risks do appear to be slightly higher for small businesses in particular, with 42% of SMEs experiencing at least one cyber attack per 12 month period. And the damages can be devastating.

But why? Why are small businesses more susceptible to data breaches and cyber attacks?

Firstly, and perhaps most obviously, small businesses are more likely than their larger counterparts to lack essential cyber defences. Not only that, but small businesses may also lack the necessary detection methods to identify a breach quickly and act rapidly to minimise the damage. Some breaches could go unnoticed for lengthy periods, and the average time from occurrence to detection is probably longer. Quite simply, small businesses are more likely to be unprepared to manage a cyber attack effectively, leaving them as an attractive target for hackers.

But it’s a common myth that all data breaches are the result of hacking. As they say in horror movies, the call could be coming from inside the house. Research into data breaches confirms that 1 in 5 data breaches are caused by internal error, and this isn’t all that surprising. In small businesses, especially in those with limited internal resources, skipping steps in established processes isn’t exactly unheard of. Think about that time you accidentally sent information to one client that was meant for another. It happens all too easily.

Cyber Risk in B2B Businesses

Small businesses are a top target, but the risk for small B2B businesses is perhaps even greater. Why? Well, let’s approach this from a hacker’s perspective. Where does the value lie: in stealing data relating to an individual, or in stealing data relating to a thriving business? Exactly. Essentially, small B2B sellers are a gateway to large B2B buyers, which means that B2B sellers really do need to stay on their toes!

Very few small businesses have a clearly defined cyber security policy in place. Now is the time to take action. Here are some helpful tips:

  • Generate a cyber security policy and ensure it is easily available to all employees
  • Boost awareness of risk within the workplace, arranging for relevant training if necessary
  • Only work with providers that are able to demonstrate a strong commitment to security
  • Identify weaknesses in your hardware, software, and processes through security assessments
  • Follow proper protocol when handling confidential data such as payment details
  • Look beyond IT; you should also consider the physical security of your building