BBB: Small businesses should prepare for cybersecurity attacks

Danielle Kane, Better Business Bureau

Cybersecurity attacks are a scammer’s way of trying to steal money or data from your business — or even from your customers.

A scammer’s success could be a business’ demise. The Better Business Bureau warns it is paramount for small business owners to implement necessary cybersecurity policies and practices. And they must also take the time to educate themselves and their staff.

According to Kaspersky Labs, a single data breach has a financial impact of $86,500 on small-to-medium size businesses. Many times, hackers want money or access to accounts.

But more valuable than that is businesses’ data. The information of the business owner, as well as the personally identifiable information of their customers or clients. In addition to stealing money, a hacker would likely want the credit card information of the customers. 

What’s most important to note is that hackers don’t always care about a business’s data. They only want its accounts because they know it’s valuable to the business. So, the question is, how valuable is the data to the business owner, and what are they willing to pay to get that data back? This tactic is a common cyber-attack we call ransomware. Though ransomware is very common, BBB does not have just one cyber threat that wreaks the most havoc. All cybersecurity breaches cause damage to business owners. The breach can cause damage financially or to the businesses’ reputation once the attack is made public. For business owners, probably one BBB sees the most of is malware, which is sent via a link or attachment to an employee’s email. When it’s opened a virus is downloaded onto the business’s computer system, compromising the businesses data in some way or giving the scammer access.

Therefore, it’s critical to train employees. This includes making business transactions a transparent event, where a manager or employee must check with others before making a significant transaction or releasing information. Additionally, businesses must regularly train employees on scams and how to handle the situation. And finally, keep the lines of communication open on this topic.

Now, you may be thinking, “I’m a small, family run business, what would a hacker want with me?” But don’t think you’re not a target. Small businesses, like individuals, are susceptible to scams. Con artists rely on gaps in knowledge, awareness and preparedness among small business owners and their employees to successfully perpetrate scams. The research available on the topic suggests small businesses are particularly vulnerable to scams. Small businesses that do not report scams are likely to be subject to repeat attacks and are particularly susceptible to online fraud. Again, this is why BBB advocates to have a cyber program in place, which means understanding how it works and not just outsourcing it and forgetting about it.

Nine out of 10 businesses reported having some cybersecurity measures in place, according to the BBB 2017 State of Cybersecurity Among Small Businesses report. These measures included antivirus, firewall software and employee education. Additionally, BBB Accredited Businesses are almost three times as likely to include cybersecurity insurance.

Keep in mind, some of the financial risk of cybersecurity incidents can be transferred to insurance companies, a move that makes sense when the insurance cost is less than providing additional cost-effective protections. In our study, approximately 15% of businesses had cybersecurity insurance in place to cover primarily payment data, personally identifiable information and incident response. Cybersecurity insurance is one way to keep companies insulated from the egregious effects of cybercrime.

To protect your business, BBB recommends our five-step approach:

• Understand how best to identify an attack.

• Have a plan in place to protect vital data and technology assets.

• Have technology in place that can detect risk.

• Craft a policy for how respond to cybersecurity threats.

• Recover from a cybersecurity incident by resuming normal operations.

— Danielle Kane is 
the Better Business Bureau marketplace manager for Portland. She can be reached at

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.