Nearly half of small businesses have experienced a data breach

Think that because you’re a small businesses, hackers won’t target you with a cyber-attack? Think again.

Data breaches and various cyber-attacks are in the headlines daily, as hackers target businesses more ferociously than ever before. One key theme with the media coverage is the size of the businesses; Merck, Maersk, the NHS, British Airways… it’s not exactly relatable to the smaller business. This leads to the assumption that only large enterprises are targeted with cyber-attacks, but that couldn’t be further from the truth.

New research from Kaspersky has found that 42% of small businesses experienced at least one successful data breach in 2017. What’s more, 27% had been the victim of multiple successfully executed breaches.

These stats are eye-opening enough, but this doesn’t take into account the failed cyber-attacks attempted against small businesses. It’s difficult to quantify this without a solution like Sophos Intercept X, which includes a feature called root cause analysis that identifies both attempted and successful breaches, but a much higher number will have undoubtedly been targeted.

What’s striking about these breaches is that 40% included the sensitive data of customers, meaning those businesses would be in hot water with the Information Commissioner’s Office (ICO) under GDPR. because this survey covered breaches in 2017, the potential fines would pale in comparison to the eye-watering penalties the ICO is able to hand out.

It’s even more interesting that, according to another Kaspersky survey from last year, 72% of small businesses were confident that they were adequately protected against cyber-attacks. This means either the media focus on large companies experiencing data breaches has lulled small business owners into a false sense of security, or that senior executives are not aware of the level of cyber security needed to keep their businesses safe.

We recommend a synchronised approach to IT security that has multiple walls of defence. At a very basic level, email filtering and quarantining will keep out simplistic cyber-attacks – the poorly-spelt messages with dubious links, or promises that a faraway Nigerian prince has chosen to leave his millions to you. But hackers are more sophisticated than ever, and therefore your IT security plans need to be, too.

Solutions like Sophos Synchronised Security and Intercept X protect your business against a myriad of attacks, including ransomware and attacks that target your endpoints and firewalls. Encryption is a powerful tool that not only renders your data unintelligible, should hackers get their hands on it, but it’s actually recommended as a solution in the GDPR documentation.

Want to know more about how your small business can create a secure environment that hackers won’t be able to penetrate? Check out some of our blogs that’ll show you how to do just that: