Small Business Owners Boost Security after Breaches Wreak Havoc

Reading time: 5 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

Small businesses’ concerns about cyber threats have shot up and the perceived risk will only grow as attacks involving all range of companies increase.

Some 60% of small business owners said they are concerned enough to take extra precautions including firewalls, offsite protected servers, multi-factor authentication, encrypted emails and multiple layers of password protection, according to a SurePayroll Small Business Scorecard survey.

The number of small business owners concerned about cyber security increased from 56% a year ago.

Most respondents (85%) said they would be willing to inconvenience customers if it meant better protecting customers' online security when using the company's products, services or websites.

"It tells you just how serious this issue has become for business owners, regardless of size," said Andy Roe, the CEO of SurePayroll. “It's not just the big chains that are focused on security right now. Small business owners understand that any sort of breach or lack of confidence when it comes to online security could have a big impact.”

The average cost for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154, according to Ponemon Institute. Some 47% of all breaches were caused by malicious or criminal attacks. Previously, these attacks represented 42% of the root causes of a data breach.

“A full-fledged cybercrime market has taken shape, where anyone can go in and bid for a malware tailor-made for a particular target and pay a developer to deliver it,” according to Liviu Arsene, senior eThreat analyst at Bitdefender. “These custom solutions even come with support services, just as any legal software solution would. Even someone lacking programming skills can commission the development of a malware and get a support phone number, where they can request assistance if they do not know to deploy the delivered application.”

Lost business due to data breaches, the most severe financial consequence, also costs companies more. The cost rose from an average of $1.33 million last year to $1.57 million in 2015, including the abnormal turnover of customers, increased customer acquisition activities, reputation loss and diminished goodwill.

Companies worldwide will spend USD 100 billion over the next 10 years on security solutions, which amounts to an annual growth rate of 10-15 percent, against the current level of USD 65 billion, Arsene adds, quoting recent studies in this field.

“There is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives and entrepreneurs to pay greater attention to the security practices of their organizations,” according to specialists from Ponemon Institute.

Small business owners’ optimism about the economy has dipped to its lowest so far this year (72%), the third consecutive month it has reached a new low. Optimism is significantly off its high in May – moving lower at the same time the S&P 500 has taken a significant dip, as SurePayroll Small Business Scorecard found. The survey compiles data from US small businesses with an average of six employees.

“Small business that have small or no security budgets, could opt for at least investing in consumer security solutions for each device,” said Arsene. “Not only that this guarantees endpoint security, but also protects sensitive data that’s usually stored on employee devices, usually deemed most prone to attacks.”

How small businesses can protect themselves from cyber-attacks:

• Use at least a consumer security solution, update it constantly and allow it to scan frequently

• Back up your data in the cloud or on an external device

• Use strong, unique passwords for your accounts and devices, and update them ideally every three months. Never use the same password for multiple accounts

• Consider outsourcing security. Identify your needs and pay monthly a subscription to a security or IT company

• Train staff to recognize phishing, spear-phishing and other types of online threats. The user is always the weakest link in the security chain