Websites and Web applications are the most visible and vulnerable part of a company’s infrastructure so it’s no surprise that cybercriminals scan thousands of websites every hour in search of vulnerabilities. Today, 80 percent of website attacks are aimed at Web applications.
Unfortunately, when a security breach occurs, it’s not just consumer data that is compromised or a website that goes down. Consumer confidence and trust also falls, tarnishing a business’ reputation and ultimately affecting its bottom line. Consumers trust companies to be stewards of their information, not just prevent a breach. The loss of trust resulting from a security breach can translate into long-term declines in revenue that can – in some cases – exceed the financial hit a company experiences in the immediate aftermath of a security failure.
What does that mean for small and medium-sized businesses?
Big enterprise security breaches make for splashy headlines, which lead many small and medium-sized businesses (SMBs) to think they are immune to these threats. The truth of the matter is, it’s no longer a matter of if an SMB will suffer a security breach, it’s when. But unlike large enterprises, SMBs frequently don’t have insurance or financial resources to help absorb the costs of a security breach, leaving them even more vulnerable in the aftermath.
No matter what the size of a business, security breaches leave customers shaken – simply put, they lose confidence in the companies who failed to protect their information. This often means they take their business elsewhere, and SMBs, whose practices often feel like family, can’t afford this risk.
SMBs must remember that it’s not the size of a business that makes them vulnerable to cyber attacks, it is the data and resources: contact info, credit card numbers, health records, intellectual property, and even access to computing power to launch additional attacks. That means an SMB’s assumption that its business size would be too insignificant to attract cyber crime is incorrect.
So, what’s a business owner to do? To help stop breaches before they start, we recommend the following:
- Educate employees. A leading cause of data security breaches is employee error, so it is critical to educate and train employees up front.
- Ensure your website and Web applications are protected appropriately with specialized tools designed for these sensitive and highly-visible brand assets.
- Establish a security plan and engage with the right experts to put it in place. Website security tools utilize rapidly evolving data sets and hacking trends to find and fix threats and prevent future attacks.
- Understand that sometimes, technology isn't enough. It is critical to have access to professional security engineers and security services teams 24/7.
- Develop a crisis plan. If a breach occurs, to whom will you need to communicate and how? What will you do to ensure that you regain customer confidence?
If you do find yourself in this situation, remember that perception is reality and your brand is also a victim. Take the necessary steps to conduct an investigation, communicate immediately and openly with affected customers, and be timely and transparent throughout the process. Do what is necessary to win customers’ trust and loyalty back as quickly as possible. All businesses need to understand that security breaches can happen to anyone, anytime, anywhere and ensure they are ready to deal with security issues by preparing themselves to not only deal with attacks on their data, but the brand fallout that comes with them.