Being little make you invincible? The third of small companies that suffered a data breach wouldn’t agree
Around 36% of small businesses have been victims of data breaches in 2019, according to a recent Kaspersky survey1.
While data breaches threaten small companies with painful consequences, the survey revealed that security measures taken by them to prevent such incidents are often insufficient.
Although stories about cybersecurity incidents in companies with under 50 employees rarely make newspaper headlines, a data breach for a smaller company may directly impact their business. As their resources are often limited and concentrated on business growth, they regularly have to stop or slow down their work processes and risk losing profit with every passing hour or day of downtime. If customers’ personal data has been affected, the small business can lose customer trust and face financial penalties for breaking regulations, for example, such as GDPR.
The survey findings demonstrate that small companies suffer from data breaches, and the number of those affected is growing year on year, and most significantly, faster than in any other sector. Though the share of those who fell victim to data breaches is higher among SMBs (48%) and enterprises (53%), in smaller companies it has climbed six percentage points (from 30% in 2018) since last year. This means that even though all businesses have to deal with data breaches to some extent, for smaller ones the problem becomes more and more relevant and dangerous every year.
To avoid these consequences, small companies need to be prepared for data breaches. However, as the survey shows, in a third of them (33%), there is no centralized cybersecurity management, and maintaining protection on a specific computer remains on the responsibility of each individual employee. In addition, some companies use consumer products for protection (25%) and while these can provide a certain basic level of protection, solutions for home users don’t have specific functions that are necessary for business security. For example, only business-specific products offer protection for servers or centralized management.
“Smaller companies are often focused on how to make their business work and grow — just like they should be. They may not have cybersecurity among their top priorities, however, the cost for overlooking the problem will only grow. Why? Because malware doesn’t distinguish between its victims and because even very small organizations have something to lose, such as sensitive data,” comments Andrey Dankevich, Solution Business Lead, Kaspersky. “But the good news is that to be able to protect themselves both from malware and human factor risks, these smaller companies don’t need to invest much or hire advanced specialists. It is only a matter of choosing the right security product.”
To help small companies manage their cybersecurity Kaspersky advises them to:
- Teach employees cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company.
- Regularly remind staff how to deal with sensitive data, for example, to store only in trusted cloud services with authentication switched on, do not share it with untrusted third parties.
- Enforce use of legitimate software, downloaded from official sources.
- Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason of a breach.
- Use a dedicated cybersecurity product for small businesses that demands minimum management allowing employees do their main job but protects from malware, ransomware, account takeover, online fraud and scams. Kaspersky Small Office Security protects from malware and roll-backs malicious activities, helps keeping file servers protected enforcing password policy; protects payment details during online payments and allows encryption to keep sensitive data protected on devices.
More information about data breaches in small businesses is available on Kaspersky blog.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
1As part of its IT Security Risks Survey Kaspersky surveyed 1138 companies with 1-49 employees on April 2019.