SMBs are just as likely as large organizations to experience cybercrime
We only hear about the data breaches of the big companies like Equifax, LinkedIn and Yahoo because they are big enough to matter to the media.
Fact is, cybercrime is more likely to impact small to medium sized businesses and not for profits.
For years, smaller organizations enjoyed a free pass when it came to cybercrime, largely because of the perception that they didn’t have much of value in making the effort to steal anything.
Where individual leaked financial or health information has little value on the black market for hackers, they make up for it by “turning up the volume”
Who and what is to blame for these massive leaks:
- Lack of awareness and training,
- Sudden digital transformation born of the pandemic
- Proliferation of mobile and off network devices,
- Ease of procuring nefarious software by criminals
- Virtually non-existent consequences of getting caught
It means smaller organizations are now a tantalizing target: new pop-up clinics, new ecommerce sites, vaccination websites, hospital websites etc.
Verizon reports that 43 percent of data breaches in 2019 involved attacks on small businesses.
Twenty-two percent of those companies ultimately ceased operation due to the breach within 6 months.
What’s important to remember for SMBs is that cybercrime isn’t just theft of personal data – it’s using that data for
- Fraudulent purposes like creating new identities
- applying for credit, opening bank accounts
- Laundering money
- Registering for government services
Small businesses are treasure troves of personal customer data. Many small businesses maintain identifying data that includes names, addresses, phone numbers, spousal and family information, and financial information.
They are easy “targets”: making this data easy to get.
According to Varonis, when surveying 6.2 billion files, including ones that contained health records and financial information, about 1 in 5 were completely open for global access. About 2 in 5 companies will have over 1000 files open for anyone to see, including files with sensitive information.
While cyber-attacks are expensive and the data loss that occurs during hacks can be pricey to restore, the real cost is in the lost trust of the third party customer data. Security is an important investment for all businesses now. But there is no such thing as complete protection from a security breach.
Without an adequate privacy protections, organizations might not be able to recuperate from a breach of security safeguards.
We can help. Our MPC Practical Privacy Playbook helps to seamlessly embed practical privacy and security into your business operations: through appropriate and role-based awareness and training; breach management procedures and automation; identification of your personal data inventory and appropriate safeguards, and ongoing compliance monitoring.