Why Should Small Businesses Pay More Attention to Online Security?
What is the difference between a local dentist’s office getting hacked and the servers at Yahoo getting hacked? According to experts, the dentist’s office is less likely to have a plan in place for responding effectively to a hack. The Federal Trade Commission (FTC), a government body that regulates businesses in order to protect consumers, and a number of nongovernmental agencies have therefore increased their efforts to educate small and medium-sized businesses in risk management, primarily because these businesses are more vulnerable to data breaches.
Maureen Ohlhausen, the acting chairman of the FTC, said that online security remains a very significant issue for small businesses. Speaking on Monday to a panel at Nasdaq in New York City, she said that data breaches of small businesses have increased, and that the problem is that these businesses don’t have the proper resources to defeat these attacks or withstand their impact. The National Cyber Security Alliance (NCSA), a public-private digital security and privacy organization, hosted the panel.
Last Wednesday, Ohlhausen raised the same topic in front of the House of Representatives and shed some light on the agency’s efforts to help small businesses address the risks they face. Small businesses have become a target of hacking attempts and breaches because they hold employee and customer information that is useful to attackers. This is mostly sensitive data such as social security numbers, credit card information, health information, and vendor information. Moreover, these businesses give hackers an access point to larger corporations and organizations that would otherwise be difficult to compromise.
In recent years, a number of hacking attacks have targeted small businesses. All kinds of businesses, ranging from small online retailers to toy companies and skate parks, have been victimized. According to a report by Symantec, approximately 43% of the cyberattacks that occurred worldwide in 2015 were aimed at businesses with fewer than 250 workers. According to an analysis presented by Securitygladiators.com, when a data breach occurs at a small business, the average cost is somewhere between $36,000 and $52,000. This estimate includes the costs of mandatory forensic examination, notifying customers, liability for fraud charges, and credit monitoring of affected customers for about a year. Damage to the business’s reputation and credibility is not factored into the estimate.
Since hackers have begun to target small businesses more frequently to steal information, the FTC and other nongovernmental bodies are now focusing on educating these businesses about the risks associated with such attacks. Since 2001, the FTC has charged businesses in approximately 60 cases for failing to provide reasonable protection for the personal and sensitive customer information they store. The Commission is hoping, however, to encourage more self-regulation in these businesses. The FTC recently released a ‘Start with Security’ initiative that summarizes the lessons it has learnt from its previous data security cases.
The executive director of the NCSA, Michael Kaiser, said that small businesses typically tend to have poor security practices because they are not aware of their own susceptibility to hacking attacks. The NCSA is a nonprofit organization that often works with private sponsors in the technology field and with the Department of Homeland Security. He said that small businesses are of the opinion that they are not of much value, so they are not as vulnerable as their large counterparts. Just because a small business doesn’t have the 500 million logins and usernames that Yahoo has doesn’t make it any less of a target, though.
Kaiser said that, in its effort to educate small businesses about the importance of online security and protecting themselves from hacking attacks, the NCSA encourages them to follow the guidelines laid out by the National Institute of Standards and Technology. These guidelines were first issued in 2014 and comprise the steps that have become the mantra of online security: ‘identify, protect, detect, respond and recover’. Kaiser added that there might come a time when businesses that don’t follow these common-sense rules will have to deal with legal and increased financial ramifications.
For now, the onus is mostly on the businesses themselves to implement the rules that have been outlined for their protection and to spare themselves the costs they would otherwise incur if they became the target of a hacking attempt. Both the FTC and the NCSA offer resources to help small businesses improve their security measures, including training guides and videos. The purpose is to ensure that they have all the help they need to implement adequate data security practices and to have protective measures in place in case any attempt is made to hack their files.