Many small business owners across the country may think that a data breach can be safely filed under "Things that will never happen to my company." However, studies routinely show that a large and growing number of such enterprises are hit with these incidents each year, and anecdotal evidence likewise suggests that smaller businesses are actually being preyed upon more often by hackers.
The reason for this is simple: While there are news stories every few months about how a major company like Target or the Home Depot suffered a major hacking attack that caused payment data for millions of customers to be leaked, the only reason these make the news is because of how big the breaches are in the first place. Very infrequently will stories detail a small laundromat in Chicago (just for example) being hit by a hacker, but that doesn't mean it doesn't happen with regularity.
Why is that the case?
There's a pretty easy way to come to this realization. Hackers likely take weeks or months trying to crack the security systems of major chains, which can devote millions of dollars to IT security each year and have entire teams of employees whose sole job is to fight back against these attacks. Meanwhile, there may be many small businesses that can't afford much more protection than a consumer-quality firewall and anti-virus software. As such, they can be targeted much more quickly and easily.
And of course, while the treasure trove of names they'd be likely to get in a successful attack against a major corporation is going to be huge and likely quite valuable if they can sell stolen credit card data on the black market (potentially in the hundreds of thousands of dollars or more), the amount of work versus chance for success is probably minimally interesting. But if they can steal a few thousand dollars' worth of data from a small company in the course of a day or two, that's probably going to seem like a more valuable target, especially if they can attack a few companies per week.
What can be done?
Fortunately, understanding that this threat is real is one of the biggest steps owners can take. That might allow them to better educate their employees about the risks as well, and tell them the various signs of a potential attack for which they should be on the lookout. For instance, one of the most common ways in which hackers are able to gain access to small business networks is through simple phishing schemes in which they send an email or make a phone call posing as someone who works for a company with which the small business works, such as an internet service provider or bank. However, entrepreneurs should be quick to remind their employees that no legitimate company ever asks customers or clients to provide log-in data via email or over the phone.
Owners can also use this knowledge as an impetus to improve their software protection and so on, such as by adopting encryption software that makes the data they protect all the more difficult to crack even if it is stolen.
Finally, because the fallout from such a data breach can be costly, it might be wise to build adequate insurance and other protections into a company's overall financial plan so that if these incidents do come along, they can be handled quickly and easily.