Malicious hackers are continually turning to small businesses as targets for a very simple reason: they're easier to attack.
Your average small business owner doesn't have the time to ensure that their systems are kept up to date. If you're a very small business (only 1 or 2 people), most of the time you're using computers bought from your local computer shop that weren't designed for use in a business, and therefore don't have the security systems in place that you would find in a system designed and built for businesses.
Am I At Risk?
You may be asking yourself why a malicious hacker would bother attacking your business rather than some large multinational company. Again, the answer is that you make an easier target: as a small business, you are less likely to be dedicating a portion of your profits to security, and therefore less likely than a large multinational with a dedicated security department monitoring systems 24/7 to notice if someone starts poking around where they shouldn't.
Attackers may also use the computers they gain access to at your company to assist them in attacking larger, more secure systems, ensuring that any investigations launched by their ultimate targets dead-end with your much smaller systems, as you won't have the expertise or tools to trace them any further.
A survey conducted last year reported that 76% of small businesses that responded had a security incident in the previous 12 months, and only 20% said they would know if an attack had happened.
What Damage Can They Do?
The worst-case scenario is that a sufficiently destructive attack could shut down your business if you do not have backup procedures in place.
More than likely, however, it will result in you losing some of your customers, especially if they find themselves the victim of identity theft or fraud due to the failure of your computer security.
You may also find yourself having to pay fines to government agencies such as the Information Commissioner's Office, should you be found to be in breach of the Data Protection Act. These fines can reach up to £500,000.
The same survey I mentioned earlier also highlighted the average cost to small businesses of a security breach as somewhere between £15,000 and £30,000. Could your business survive having to pay that should your customers' data be compromised?
What Can I Do?
There are several things you can do as a small business to reduce the likelihood that you are going to be the target of a malicious hacker, or to minimise the damage they can do should they succeed. The most effective tool you have to help you determine if your system security is good enough is regular security testing, conducted by an external company like us.
Regular security testing will help you to spot issues with your security, or gaps in employee knowledge or awareness, and enable you to take steps to update policy, train staff and/or update systems/software before it's too late.