Big Stakes for Small Business Security – Can your Business Afford an IT Security Incident?
Woburn, MA – September 26, 2013 - There’s nothing small about “small” business. Within
the global economy, small-to-medium sized businesses (SMBs) collectively
generate trillions of dollars and employ millions of workers. SMBs are
typically categorized as businesses with fewer than 500 employees, but what
about the smallest of all businesses? According
to IDC estimates, there are approximately 80 million businesses worldwide that
operate with fewer than 10 employees. These “very small businesses” are
often operated in homes, and the business’s “founder and president” is usually
the same person who orders paper for the printer. And yet these organizations
will process millions, if not billions, of dollars in 2013.
Another reality of
these 80 million very small businesses (VSBs) is that the vast majority don’t
have employees or resources dedicated to building their IT networks. In many
cases, the same employee responsible for ordering printer paper is also
responsible for maintaining the computers and networks that keep VSBs connected
to their customers.
Despite their smaller
size, VSBs have some key needs in common with their larger business
counterparts, in particular the need to protect important data – such as
customer data and their own financial information – while banking online and
processing customer orders. They share an unfortunate similarity as well – they
can easily become victims of cybercrime.
Too Small to Be Noticed? Two common assumptions
shared by small businesses, and particularly among VSBs, are:
small business is safe from cybercriminals because they won’t waste their time
small business doesn’t have anything worth stealing
There is plenty of
evidence to contradict the first point. For instance, in Verizon’s 2013 Data Breach Investigations
Report, which includes
data from worldwide forensic investigations, found that of the 621 data
breaches analyzed, 193 breaches – more
than 30 percent – occurred at companies with 100 or fewer employees. The
second point is equally untrue, since whenever a business makes a sale online,
they almost always access some form of private customer data, such as their
name, address, and credit card number. This basic information certainly has
value to cybercriminals, and the financial information of the small business
itself has value as well.
In fact, some
cybercriminals prefer targeting very small businesses instead of larger
businesses, since they believe many VSBs aren’t fully protected and are thus an
easy target for a quick pay-day. Like all predators, cybercriminals set their
sights on the weakest targets and with a lack of budget, and low levels of
staff sophistication in an area such as security, VSBs are making an easy
target. Cybercriminals also assume there is a lower chance of actually being
What Are the Consequences? For a fledgling
business, a single security incident can easily push it into financial ruin. According
a 2013 Global Corporate IT Security
Risks survey (conducted
by B2B International, in conjunction with Kaspersky Lab), the worldwide average cost of a data breach for
a small or medium sized business can be as high as $36,000 USD. This sum includes
the average amount of lost business opportunities, as well as costs to hire an
external IT expert to remediate the immediate problem, and possibly purchase
new equipment. For a very small business, a 5-digit cost to respond to a
cybersecurity incident can be a crushing blow. Beyond the immediate costs, a
security breach can also create a more long-term and intangible effect – the
loss of your customers’ trust.
Quote: Mark Bermingham, Director, Global Product
Marketing, Kaspersky Lab “If a customer is forced to cancel a credit
card because their personal information was stolen from a business, that
customer will likely be angry enough to never purchase from that business
again. For VSBs that offer services involving sensitive information – such as
tax records found in small financial services businesses – the customer could
potentially sue the business. Lastly, many businesses are required by law to report
certain types of data breaches. If their security practices are deemed to be
below the minimum requirements set by industry regulations, the business could
face steep fines.”
So what should VSBs do to protect themselves?
Here are 3 quick tips:
1) Understand that no company is “too small to be noticed” by the bad
guys – even small companies have intellectual property, bank accounts, and in
most cases, customer data.
2) Keep it Simple – Small businesses should select SMB-specific
software or select vendors that are well-known for providing intuitive,
comprehensive security software in order to avoid the trap of paying too much
for something they will struggle to use.
3) Key Areas for Investment – Look into Encryption technologies after
you’ve invested in basic anti-virus. Data encryption is vital for any company
that processes and stores the payment information of customers, and is often
required by law. If encrypted data is stolen or lost, there is a good chance
the criminals will never be able to harvest the stolen data, leaving your
Kaspersky Lab Kaspersky Lab is the world’s largest
privately held vendor of endpoint protection solutions. The company is ranked
among the world’s top four vendors of security solutions for endpoint users*.
Throughout its more than 15-year history Kaspersky Lab has remained an
innovator in IT security and provides effective digital security solutions for
large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company
registered in the United Kingdom, currently operates in almost 200 countries
and territories across the globe, providing protection for over 300 million
users worldwide. Learn more at www.kaspersky.com.
Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, John
Girard, Neil MacDonald, January 2, 2013.
* *The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by
Vendor, 2011. The rating was published in the IDC report "Worldwide
Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July
2012). The report ranked software vendors according to earnings from sales of
endpoint security solutions in 2011.
 Verizon Communications
Inc.'s forensic analysis unit