IT Security and protecting data tops the list of concerns for large corporations and governments all over the world. Hackers and scammers develop increasingly sophisticated methods for penetrating systems, as several large banking scams have shown in the past year. With all of the coverage pertaining to large attacks, similar attacks on small businesses slip through the cracks.

A recent study by Verizon shows that 71 percent of daily attacks occur against businesses with fewer than 100 employees – a smart move by hackers, since these are the businesses least likely to have sophisticated security measures in place.

Unfortunately, the number of employees does not necessarily indicate the gross profits or amount of secure customer data stored on a business’s server. You may be sitting on a criminal's dream, in terms of customer credit card or financial data, or even just as a way in the door. Today's scammers have moved from generic phishing emails to highly targeted, personalized assaults. These are designed to convince the general public to turn over information via an unsecured access point.

For example, with a list of customer data and recent order information, a scammer can call your customers and get credit card information over the phone. After all, they are only calling to re-confirm an order, right? When your company is the source of the breach, it can cost you, in terms of lost customers and potential lawsuits. In fact, the average cost per attack for a small business is just under $9,000. This is a hefty bill that may or may not include lost profits in the event of a service interruption.

Tech savvy businesses already have plans in place to address IT security concerns, but even with top-of-the-line anti-virus evasion software and firewall protection, businesses still face other areas of vulnerability. Social engineering attacks have particularly vicious real-world applications. The old saying about teaching a man to “phish” and having him use your credit card to buy dinner only scratches the surface. A social engineering attack takes information posted on social media sites, and creates believable stories that target employers. After all, someone who knows the names of your kids can automatically avoid the suspicion people feel toward strangers.

With all of the avenues of attack available to cyber criminals, small businesses need to be more vigilant than ever. Over and above the costs of an attack, there are also potential fines for failing to protect Personally Identifiable Information or Protected Health Information. These fines can cost $50,000 per occurrence.

Regular vulnerability assessments, combined with strategies to detect and prevent intrusions, help to minimize the risks of data loss. Staff education is another crucial element to creating a truly secure cyber environment.

Key Takeaways:

71 percent of cyber attacks target small businesses.
Cyber attacks hit both systems and personnel.
Financial losses due to a successful attack can be substantial.
Protect your systems with up-to-date anti-virus software and managed next-generation firewalls.
Expose yourself and your employees to ongoing, comprehensive cyber security educational programs.