Why you should care that small businesses have your information
What’s the difference between a hack at Yahoo (YHOO, US) and a hack at your local dentist’s office?
The latter is far less likely to have a plan in place to respond properly, experts say. Now, the Federal Trade Commission (FTC), a government agency that regulates businesses to protect consumers, and other nongovernmental bodies are doubling down on efforts to educate small and midsize businesses on risk management as their susceptibility to data breaches increases.
“This is particularly an issue for small businesses,” said Maureen Ohlhausen, the FTC’s acting chairman, while speaking to a panel at Nasdaq in New York City on Monday. “We are seeing a huge amount of data breaches target small business, but they don’t have the resources to withstand the impact,” she said at the panel, hosted by public-private digital privacy and security organization the National Cyber Security Alliance (NCSA).
Ohlhausen also spoke on the topic before the House of Representatives last Wednesday, describing the agency’s efforts to help small businesses address these risks. Small businesses are targeted for their customer and employee information, such as credit card and Social Security numbers, for vendor information and health information, and as an access point to larger companies. Everything from skate parks to toy companies to small online retailers has been targeted in attacks in recent years.
Almost half of cyberattacks (43%) worldwide in 2015 targeted businesses with fewer than 250 workers, according to a Symantec report. The average cost of such a data breach for these small businesses is more than $36,000 and can be up to $52,000, including costs like notifying customers, mandatory forensic examination, credit monitoring for affected customers for up to a year, and liability for fraud charges.
As small businesses are targeted by hackers more frequently, the FTC and other nongovernmental bodies are working to educate them on risks. The FTC has charged businesses with failure to provide reasonable protections for consumers’ personal information in approximately 60 cases since 2001, but the Commission is encouraging more self-regulation. It recently released a ‘Start with Security’ initiative, which summarizes lessons learned by the FTC with previous data security cases.
Michael Kaiser, executive director of the NCSA, a nonprofit group that works with the Department of Homeland Security and private sponsors in the technology field, said small businesses may underestimate their susceptibility to hacks, leading to poor security practices. “Small businesses think they aren’t at risk because they don’t have as much of value,” he said. “If you’re a small business you don’t have 500 million usernames and logins like Yahoo, so there may be some misconceptions they wouldn’t be a target.”
When educating small businesses, Kaiser said he encourages them to follow the guidelines of the National Institute of Standards and Technology, which were first released in 2014 and include the steps ‘identify, protect, detect, respond, recover.’ He said someday there may be insurance and legal ramifications for businesses that do not follow such common-sense rules, but for now the onus is largely on the companies themselves to implement them. Both the NCSA and the FTC offer resources, including training videos and guides, for small businesses in need of data security help.
This article was licensed through Dow Jones Direct.