Introduction
In recent years, small businesses in the United States have increasingly become targets of cyberattacks and data breaches. This trend highlights the urgent need for enhanced cybersecurity measures to protect sensitive information and mitigate financial losses.
Description
A significant 81% of US small businesses experienced a data or security breach last year [1], according to the Identity Theft Resource Center (ITRC) [1] [3]. This marks an increase of eight percentage points from the previous year for organizations with fewer than 500 employees [1]. Alarmingly, fewer than 20% of these businesses have not faced a cyberattack, data breach [2] [3] [4] [5] [6], or both in the past year [4] [5] [6]. The number of businesses reporting data breaches rose to 26% [3], while those facing both cyberattacks and data breaches increased to 39% [3]. Additionally, the frequency of data breach notices has surged [6], with over 43% of victims receiving at least two notices in the past year [6], up from 29% the previous year [6]. Financial losses from these incidents have significantly escalated [4] [5], with the average financial loss now exceeding $500,000—more than double the previous year’s figures.
In response to these growing threats, 80% of small businesses are implementing preventative measures, including staff training (88%) [1], investing in security tools (65%) [1] [3] [4] [5], and increasing their security budgets (67%) [1]. Small businesses are also reducing the amount of personal data they collect and expanding their budgets for IT training and vendor due diligence, particularly in light of rising supply-chain attacks [3]. Compliance with state privacy laws is driving investments [3], with 20 states having enacted comprehensive laws that enhance consumer control over personal information and mandate data security practices [3]. A significant majority of small business leaders are aware of these new requirements [3], although many express concern about compliance [3].
Cybercriminals are increasingly targeting small businesses [4] [5], partly due to their limited resources for cybersecurity [2]. A notable 60% of small business owners express concerns about cybersecurity [2], yet only 23% feel adequately prepared to handle a cyberattack [2]. As these businesses digitize [2], the risk of data breaches escalates [2], underscoring the critical need for proactive measures to protect their information.
To enhance security [2], small businesses should regularly update their devices to protect against the latest threats, use strong authentication methods such as memorable passphrases and multi-factor authentication [2], and implement anti-virus software and VPNs to prevent phishing and malware attacks. Maintaining up-to-date backups in separate locations is essential for recovery from cyberattacks [2], while using DMARC tools can help protect email addresses and domains from unauthorized use. Additionally, assessing the cybersecurity of supply chains and third-party systems is crucial for identifying and mitigating risks.
The ITRC offers various low and no-cost resources to assist small businesses in improving their cybersecurity practices. Overall, these substantial changes to cybersecurity measures may lead to a reduction in identity crimes in the future [3], particularly during high-traffic periods like the holiday season [2].
Conclusion
The increasing frequency and severity of cyberattacks on small businesses underscore the critical need for robust cybersecurity strategies. By implementing comprehensive security measures, such as regular updates, strong authentication [2], and thorough assessments of third-party systems, small businesses can better protect themselves against potential threats. As these businesses continue to adapt to the digital landscape, proactive cybersecurity practices will be essential in reducing identity crimes and safeguarding sensitive information, particularly during vulnerable periods like the holiday season.
References
[1] https://www.infosecurity-magazine.com/news/80-us-small-businesses-breached/
[2] https://www.mastercard.com/news/perspectives/2024/why-small-businesses-are-big-targets-for-cybercriminals-and-6-steps-to-protect-them-this-holiday-shopping-season/
[3] https://securityboulevard.com/2024/10/small-businesses-boosting-cybersecurity-as-threats-grow-itrc/
[4] https://www.prweb.com/releases/identity-theft-resource-center-2024-consumer–business-impact-report-finds-consumers–businesses-making-changes-to-cyber-habits-302287041.html
[5] https://finance.yahoo.com/news/identity-theft-center-2024-consumer-115200132.html
[6] https://ediscoverytoday.com/2024/10/30/itrc-2024-consumer-business-impact-report-cybersecurity-trends/