Get All Access for $5/mo

Why Your Small Business Is at Risk of a Hack Attack In the wake of the Target and Neiman Marcus data breaches, startups and small businesses should realize they aren't immune.

By Heesun Wee

This story originally appeared on CNBC

The data breaches at Target and Neiman Marcus have expanded, as millions of consumers' personal information has been stolen. Large retailers naturally are paying more attention to securing data, but the threat may be heightened for small to midsized businesses.

Smaller ventures are particularly vulnerable because cybercriminals know they likely spend less to protect their digital information and infrastructure. Cheaper security measures also tend to be static, meaning those systems don't evolve to keep up with criminals' newest tricks.

It's not like small businesses haven't already felt the wrath of breaches before. Last year, 31 percent of all attacks were aimed at companies with less than 250 employees, according to Symantec's 2013 Internet Security Threat Report. Data breaches "already are happening among smaller employers. It's not happening with any lower frequency than the Targets you're reading about," said John Rose, a security expert and senior partner at The Boston Consulting Group.

"Security is a dynamic environment," said Pat Calhoun, senior vice president at McAfee, which is part of Intel and offers security solutions. "It's not just a single firewall and you leave it alone." Less ambitious, fixed security measures in turn attract cyberthieves because those stagnant systems allow criminals to more easily nab personal data--then slip away undetected for as long as possible.

So how can upstarts protect themselves against crime? A regular monitoring of online security is a start. Los Angeles-based Art of Tea is a tea importer and wholesaler with a staff of 25 in the U.S., plus additional support in Asia and India. The team includes two people who are dedicated to security as the bulk of its business is done online, said business owner and Chief Executive SteveSchwartz.

Art of Tea's online security system costs roughly $100 a month, plus an additional charge per online transaction, Schwartz said. The system alerts the small business when there's suspicious activity, just the way a consumer is alerted to an odd credit or debit card transaction.

Schwartz said security is a priority because cybercriminals don't discriminate based on business size. "We're just as sensitive and susceptible to what's happening with Neiman Marcus," he said.

Target and Neiman Marcus

Target on Dec. 19 confirmed about 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15 last year, according to a statement. But there was more. On Jan. 10, Target revealed the data breach was in fact larger. Now up to 70 million consumers have had their personal information stolen including names, mailing addresses, phone numbers or email addresses, according to a statement.

Neiman Marcus last Wednesday said cyberthieves could have attempted to steal data from up to 1.1 million customers from July 16, 2013, to Oct. 30, 2013, Neiman Marcus Group President Karen Katz said in a statement on its website.

A merchant processor in mid-December last year notified the Neiman Marcus Groupof potentially unauthorized payment card activity that occurred after customer purchases at the company's stores including Neiman Marcus and Last Call. There have been no reports of fraudulent activity after purchases at Bergdorf Goodman, a spokeswoman said in an email.

Cyberthieves holy grail

Security experts say pursuing malfeasance undetected for as long as possible is the holy grail among cyberthieves. "When cybercriminals are going after intellectual property and financial data, their goal is to extract data and to do it stealthily," said Calhoun of McAfee.

A white paper from McAfee last July noted attackers who masterminded a major cyberespionage case in South Korea had remained hidden for years prior to the attack last March. The criminals zeroed in on multiple targets including banks and news agencies.

But whether the target is multinationals or mom-and-pops, awareness about cybersecurity is the first step toward a solution.

Roughly 77 percent of small firms believe their company is safe from a cyberattack--even though 83 percent of those firms do not have a written security policy in place, according to the National Cyber Security Alliance and Symantec. And unlike larger firms that could absorb a data breach, the consequences can be much more catastrophic for a smaller venture.

Digital data stewards

Wary consumers, meanwhile, are thinking twice about that next card swipe, maybe even walking a few extra blocks to get cash from a trusted bank. So what's the net effect?

Going forward, the retail data breaches may trigger more public awareness and even activism about the Internet and related issues including the volume of accumulated personal data. Rebecca MacKinnon, an expert on global Internet policy, argues public awareness about Internet liberties will grow in the way once-fringe environmental concerns moved into the mainstream.

Other experts say the retail data breaches and broader concerns about digital privacy--including whose monitoring your email activity--are pushing consumers to place more importance on companies and brands that protect personal data. In other words, customers increasingly are shopping for products and services with an evolving checklist that includes price, product quality--and which company is going to protect your personal data.

And with the proliferation of mobile devices and e-commerce, companies large and small that don't rate high on data stewardship stand to lose business. Said Rose of The Boston Consulting Group, "What's at stake is you will switch retailers, you will switch banks, switch credit card providers."

Heesun Wee is an editor at CNBC.com.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Growing a Business

5 Reasons Why Time-Tracking Can Put Your Business in a Chokehold

More and more businesses are adopting time-tracking software to manage their operations, but is it all it's cracked out to be?

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Looking for a Remote Job? Here Are the Most In-Demand Skills to Have on Your Resume, According to Employers.

Employers are looking for interpersonal skills like teamwork as well as specific coding skills.

Franchise

The Top 10 Coffee Franchises in 2024

From a classic cup of joe to a creamy latte, grab your favorite mug and get ready to brew up success with the best coffee franchises.

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.