When corporate data breaches and fraud make the news, it’s usually because someone hacked into the records of a large company, like Target or Equifax. But it’s a mistake to think that big companies are the only ones being targeted. Actually, small companies are more susceptible and more likely to be hit with a data breach. In fact, 58 percent of malware attack victims are small businesses.
The average cost for a small- to medium-sized company to recover from a data breach is more than $86,000. That’s enough to ruin many companies. Clearly, smaller businesses must be prepared to prevent and cope with cybercrime.
Unfortunately, breaches are often the result of simple carelessness. A busy employee may have a momentary lapse of focus and leave a password in plain sight, even if just for a moment. Or someone gets a bit lazy and commits the cardinal sin of using a simple password, like “12345.” Company officials must insist on strict password security: only complex passwords should be used, they should never be written down, and they should be changed frequently. If necessary, a password manager can help employees keep track of their passwords without weakening security.
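The password rules above can be enforced at the point where a password is chosen rather than left to memory. The following is an added example, not code from the original post: a hypothetical `check_password` function that applies a minimum length, a character-class requirement, a check against a small constructed list of common weak passwords (including the “12345” named above), and a check that the password does not contain the username. The list of common passwords and the policy thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample of common weak passwords; a real deployment would use a
# larger breached-password list rather than this illustrative set.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein", "admin"}


def check_password(password: str, username: str = "", min_length: int = 12) -> list:
    """Return a list of policy violations; an empty list means the password passes.

    The thresholds (12 characters, three of four character classes) are
    assumed values for this example, not requirements from the original post.
    """
    problems = []

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    # Require at least three of the four character classes.
    classes = {
        "lowercase": re.search(r"[a-z]", password),
        "uppercase": re.search(r"[A-Z]", password),
        "digit": re.search(r"\d", password),
        "symbol": re.search(r"[^A-Za-z0-9]", password),
    }
    missing = [name for name, found in classes.items() if not found]
    if len(classes) - len(missing) < 3:
        problems.append(
            "uses fewer than three character classes (missing: " + ", ".join(missing) + ")"
        )

    # A password built around the account name is easy to guess.
    if username and len(username) >= 3 and username.lower() in password.lower():
        problems.append("contains the username")

    # Runs of the same character add length without adding strength.
    if re.search(r"(.)\1{3,}", password):
        problems.append("contains four or more repeated characters in a row")

    return problems


if __name__ == "__main__":
    for candidate in ["12345", "Correct-Horse-Battery-9", "aaaaaaaaaaaa"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

A check like this belongs wherever passwords are set (an onboarding form, a directory policy, or a password manager's generator), so that the weak choices the paragraph warns about are rejected before they are ever stored.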
Small business owners should be aware they are highly vulnerable to the predatory acts of disgruntled ex-employees (or current employees) and hackers. That’s why it’s so essential to protect sensitive data by any means possible.
Employees must also be educated on how to spot malware attacks such as phishing and ransomware. These threats typically arrive packaged in an email, as a link or an attachment. Make sure your email system lets users hover over a link to see its destination URL before clicking. Any link or attachment that seems suspicious or out of the ordinary shouldn’t be opened, and IT should be alerted. These attacks can also be avoided by installing antivirus software and keeping computers updated.
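Hovering over a link to compare the visible text with the real destination is exactly the check a mail filter can automate. The following is an added example, not code from the original post or from any product it mentions: a hypothetical `suspicious_links` function that pulls every anchor out of an HTML email body, flags links whose visible text names one domain while the `href` goes to another, and flags links that point at a raw IP address. The sample email is constructed for the example and uses reserved `.example` names and a TEST-NET address.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body: one look-alike link, one legitimate link,
# and one link to a bare IP address.
SAMPLE_EMAIL = """
<p>Your account needs verification.</p>
<p>Visit <a href="http://login.secure-verify.example">www.mybank.example</a> now.</p>
<p>Or see our <a href="https://www.mybank.example/help">help page</a>.</p>
<p><a href="http://203.0.113.7/update">Update now</a></p>
"""

# Matches text that looks like a domain or URL (e.g. "www.mybank.example"),
# as opposed to ordinary words like "help page".
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url: str) -> str:
    """Return the lower-cased hostname of a URL or bare domain."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def _registrable(host: str) -> str:
    """Crude registrable-domain approximation: the last two labels.

    Good enough for this example; a public-suffix list handles cases like
    co.uk correctly.
    """
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html: str) -> list:
    """Return a list of findings, one per link that fails a check."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_host = _host(href)
        reasons = []
        # Visible text names a domain that differs from the real destination.
        if URL_LIKE.fullmatch(text):
            text_host = _host(text)
            if text_host and _registrable(text_host) != _registrable(href_host):
                reasons.append(f"visible text shows {text_host} but link goes to {href_host}")
        # Legitimate business mail rarely links to a raw IP address.
        if _is_ip(href_host):
            reasons.append("link points to a raw IP address")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Run on the sample body, the function flags the look-alike link and the raw-IP link and leaves the genuine help-page link alone. The same logic can sit in a mail gateway rule or a quarantine script, and its output gives the IT contact the paragraph mentions something concrete to look at.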
If your company’s computer security is breached, alert law enforcement authorities and consumer protection agencies immediately. Let your customers and impacted consumers know right away by phone and email (and regular mail, if mandated by law). Post an announcement on your company’s website with details and a contact for questions. Retain a credit monitoring company to make fraud and ID theft prevention available to customers (make sure they know you’re paying for the service), and investigate data recovery companies to help begin the process of recovering your data.
The Sarbanes-Oxley Act of 2002 (SOX) established rules and deadlines for compliance in the wake of a data breach. All public companies are required to comply, both in an IT and a financial sense. SOX governs the management of electronic records and sets down what companies must do to be in compliance; it’s a landmark law aimed at protecting businesses as well as consumers. Be sure to review the SOX requirements to see which compliance steps apply as part of addressing the breach.
Establishing a sweeping cybersecurity plan (or revamping an existing one) is a good way to take protective action and restore the confidence of your customers. Such a plan should include employee education about the threat of cybercrime; setting access restrictions for certain websites; installing (or upgrading) anti-malware and antivirus software; consolidating data storage; and mandating secure passwords. As part of your cybersecurity plan, you can hire a freelancer to help your business with these measures. You can find cybersecurity professionals like security analysts on online job platforms like Upwork.
Constant vigilance and the imposition of a comprehensive security plan are crucial for preventing costly data breaches. Consider assigning an IT official the task of updating security software programs and overseeing password security. And make sure a plan is in place for reaching out to customers should a breach occur.