Hackers Go After Small Businesses More Often Than Bigger Targets

While any business can fall victim to hacking and email fraud, multiple studies suggest the problem is particularly overwhelming for small and medium-sized enterprises. According to research reported by Forbes, smaller businesses are three times more likely to face hacking than larger organizations. Given this statistic, most small businesses likely need to focus more attention on data security to avoid experiencing crippling losses.

Tekie Geek offers several core IT services to help small businesses in New York and New Jersey maintain more effective cybersecurity and data loss prevention. Here, we explore why hacking is such a concern for smaller enterprises.

What Makes Small Businesses More Susceptible to Hacking?

Hackers often go after small and medium-sized enterprises because those businesses seldom have the same cybersecurity measures as their larger counterparts. This situation puts small businesses at more than a disadvantage with data security — it can lead to them shutting down operations altogether. One study notes that 60% of small businesses that suffer a data breach permanently close within six months of the incident.

Why are small businesses more likely to get hacked? Part of it stems from inadequate resources to devote to cybersecurity and in-house expertise. As a result, these companies often have weak points in their IT infrastructure that cyber criminals can easily exploit.

Another cause is negligence on the part of the business. If the executive team doesn’t believe it has the budget for data security or thinks it’s not worth the investment, it can expose systems to cyber threats. A small business may also overlook cybersecurity if its systems are outdated and cannot support up-to-date security software.

Without factoring cybersecurity into the budget, enterprises also risk not designating resources to employee training. You may have security measures in place, but if employees are not thoroughly trained in complying with them, they can make errors that may lead to data breaches. Training personnel to identify potential cyber-attacks and report them to the IT team can help mitigate the threat of malware, ransomware, and social engineering schemes that try to trick employees into revealing sensitive information or clicking on dangerous links.

Understanding Legal Obligations Under the NY SHIELD Act

A strong cybersecurity strategy is not only important for protecting your business against data loss — it’s crucial for adhering to New York state law. In 2019, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) was put forth to amend the 2005 Information Security Breach and Notification Act.

Under this new provision, companies must notify consumers about potentially compromised private information when a breach occurs. They must disclose the incident as soon as possible to obey the guidelines of law enforcement agencies. The enterprise also needs to alert consumer reporting agencies if more than 5,000 NY residents are affected.

The SHIELD Act expands the definition of private information. The 2005 law describes private information as any personal data regarding an individual and at least one of the following components — creditor debit card number with security code, bank account number, social security number, or driver’s license number. Keeping these same qualifications, the SHIELD Act widens the definition to include passwords, usernames, email addresses, and biometric information.

The SHIELD Act also broadens the definition of a security breach to include any act that grants a malicious actor access to digital data that may compromise its security, confidentiality, or integrity. Most importantly, it requires organizations to develop administrative, physical, and technical safeguards to protect private information, further indicating the necessity of a cybersecurity plan.

Minimize the Threat of Hacking with a Managed Service Provider

Cybersecurity is vital for small businesses to avoid hacking and comply with state regulations but establishing a data security strategy can be challenging without proper guidance. At Tekie Geek, we deliver secure cloud computing and infrastructure protection through services like managed IT and business continuity. Additionally, we tailor our services to meet the unique needs of each client in New York and New Jersey, so you can have more peace of mind about your data security.

For a managed service provider with the expertise to improve your cybersecurity, trust the IT superheroes at Tekie Geek. With our services, you can focus on what matters most — keeping your business up and running. Contact us today to learn more about our team and services.

‍