written by
Zack Calloway

Small Business, Big Target: Why You Aren’t Too Small to Get Hacked

Tech Tips Network Security Ransomware 1 min read

There’s a false notion out there among small businesses that can be unimaginably dangerous.

It goes something like this: “We don’t need to worry too much about cybersecurity. We’re so small, no one would want to hack us.”

If you’ve ever been tempted to think something similar — and if your digital security efforts reflect this mentality — your business could be in danger.

The truth is, small businesses are big targets for cybercriminals. Your small business isn’t too small to get hacked, and it may even be an especially enticing target.

Here’s why, and some initial steps you should take.

Fort Knox and Convenience Stores

It’s tempting to think that hackers will always and only go after big, juicy, lucrative targets. And don’t get us wrong: hackers do go after big global corporations. Sometimes they even succeed. But everyday hackers are just as likely — if not more likely — to go after smaller targets.

To understand why, we’ll use an analogy from offline crime.

Which would you rather rob, Fort Knox or your local convenience store?

Your answer to that (very hypothetical, to be clear) question depends on a number of factors. But nearly all actual criminals would pick the convenience store. Here’s why.

Fort Knox (technically, the United States Bullion Depository next door) is an incredibly high-value target. A successful thief could make out with untold millions in gold. Your neighborhood convenience store, on the other hand, has at best a couple hundred bucks in the register, plus whatever beer a thief can grab.

But there’s a reason no one has ever successfully robbed the US Bullion Depository. It’s heavily fortified, with armed police patrolling at all times. Not only are you extremely unlikely to succeed in robbing, you’re very likely going to die in the attempt.

On the other side of the coin: people rob convenience stores all the time, and some not insignificant percentage get away with it. The security isn’t all that good, and so the risks are much lower.

You Aren’t Google, And Hackers Know It

You can probably see where we’re going with this. You aren’t Google, and cybercriminals know it. You don’t have anywhere near the troves of data that Google or Facebook or Target have. But you also don’t have anywhere near the kinds of strong defenses they have.

In other words, you’re the convenience store. You’re an easy, low-security target. Sure, the payoff is lower. But so is the risk.

Here’s where the analogy breaks down a bit. You may be a small player, but you likely have at least some very valuable data — data that’s worth more than the $200 in the convenience store cash register. Customer data, like social security numbers and payment information, can be quite valuable.

Threats Continue to Increase

Every moment of every day, numerous cybercriminals (and their computers) are using automated tools to try to break into systems. Some of these are as simple as login bots that use a list of compromised credentials to try logging into random places online. Eventually, something works, and attackers see what damage they can do.

Ransomware, identity theft and business email compromise are other threats you may be exposed to.

So Do the Risks to Your Company

Don’t forget the risks a breach could create for your company. You could lose out on revenue, face financial penalties, have to pony up for ransomware, and so forth. And the damage to your company’s reputation could be even worse than the direct financial repercussions.

Solutions: Awareness, Training, Password Management

So, what should a small business like yours do to minimize risk?

Regular employee awareness initiatives and ongoing digital threat training are two keys here. Employees need to be able to recognize phishing emails, spear phishing campaigns, and other signs of a potential breach.

You can equip them for this by conducting ongoing training (working with your managed services firm to do so). Robust password management is also crucial in minimizing the risks associated with stolen, reused credentials.

As always, Blue Ridge Technology is ready to assist you in creating (or tightening up) an effective cybersecurity plan for your small business. We’re ready to chat when you are.

Network Security ransomware small business tech tip