You Don’t Have to Be a Fortune 500 Company to Be a Target
Sometimes when we talk about the risk of data breaches, it’s very easy to underestimate the danger and make excuses for not taking extra precautions.
My business is too small to be a target.
I’m based out of the Midwest. These things don’t happen here.
If it happens, we’ll just hire someone to fix it.
Sadly, these assumptions are completely false. Small to mid-sized companies are a prime target for digital interlopers. According to Verizon’s 2019 Data Breach Investigations Report, 43% of targets are small businesses. Hackers believe, often rightfully so, that these smaller targets don’t do enough to protect themselves. And thanks to the interconnectedness of our digital world, these hacks can happen anywhere from Hong Kong to Fond du Lac, Wisconsin.
As an example, just this last month, a Milwaukee-based company was hacked and had its data held for ransom. Virtual Care Provider Inc. staffs around 200 employees and provides IT support and data storage for nursing homes across the country. Due to the hack, many of its care facility clients were unable to access critical information they need to operate their business such as patient records and prescription information.
To make matters worse, the attackers were requesting a $14 million ransom, an amount impossible to pay. This meant that the data was essentially lost to the company. No amount of outside security would be able to fix the damage that was done. The company would need to rebuild its servers from scratch – a significant loss in time, revenue and manpower – not to mention, customer trust.
So, take this as a precautionary tale. Data breaches can happen anytime, anywhere. You don’t have to be a Target or Macy’s. In fact, hackers prefer if you’re a smaller, unprepared business. But there are things you can do to prepare. Whether we’re talking about ransomware or an actual hack, here are a few quick tips:
- Install file integrity monitoring software anywhere you accept payments. (We can’t state enough how valuable file integrity monitoring is!)
- Use two-factor authentication anywhere and everywhere you can, especially with programs that are customer-facing or anything that can be accessed remotely.
- Be aware and educate your staff. Attackers love simple tactics because they work. Make sure your team knows the warning signs for phishing scams and to avoid clicking on suspicious links or files in emails.
- Have a qualified external company conduct a thorough security gap analysis. This will shed light on areas of vulnerability so you can fix them before the unthinkable happens.
Wind River has always been a security-first company. Security and payments go hand in hand. If any part of what you read above made you nervous, let’s talk. Our security experts can identify gaps in your protection and guide you to a more secure payments environment. In the meantime, check out our latest video on how to mitigate your security risk during the holidays.