When small business owners read headlines about security breaches at Target and other multi-billion dollar companies, it can lead to the false notion that cybercriminals really aren’t interested in going after the “small potatoes” of the world. There’s mounting evidence, however, that suggests this mindset is not only prevalent — it’s harmful.
The 2013 Verizon Data Breach Investigations Report, which corroborates the findings of 19 global organizations on studying and combating data breaches, identified 621 confirmed data breaches in 2012. Of that number, 193 (31 percent) were from businesses with 100 or fewer employees and another 9 percent were attributed to organizations with between 101 and 1,000 employees. The average cost of a data breach, according to a 2010 joint study conducted by Applied Research and commissioned by Symantec, is $188,242 per year. Most SMBs would struggle with that kind of financial hit – and a good number would experience layoffs or worse as a result.
Shedding additional light on the subject is The Symantec 2013 Internet Security Threat Report, which notes that the attacks to small businesses in 2012 (which the report defines as businesses with fewer than 250 employees) were up 18 percent over the previous year. Additionally, McAfee, in conjunction with Office Depot, conducted a survey of more than 1,000 SMBs and found some additional surprises:
- Only 9 percent of SMBs use endpoint/mobile device security despite the widespread use of employee-owned devices (i.e. BYOD)
- 45 percent of SMBs take no measures to secure company data on employees’ personal devices
- 80 percent of SMBs don’t use data protection in general
- Less than 50 percent use email security
- Only about 50 percent use Internet security technologies.
Intronis Co-Founder and VP of Channel Development Neal Bradbury recently wrote an article on this topic, titled The What, Why and How of Small Business Security Threats. In the article, he lays out the four reasons cybercriminals do care about your SMB customers’ data, and he also lays out some practical steps VARs and MSPs can take to protect their clients. If you serve the SMB space and you’ve been leaving your customers’ security needs up to them — or up to chance — I’d highly recommend checking out his article and making SMB security a top priority right away.