(Post 1 of the Small Business Threats blog series)
With this entry, I am beginning a series of blog posts that focus on threats specific to small businesses. Follow along and I hope to shed some light on areas where small businesses are vulnerable, the threats that stand to do them harm, and reasonable measures they can take to protect themselves. I’ve chosen to focus on this topic for several reasons. Primarily because I recognize that small businesses are significantly different than corporations and government organizations. Because of this, typical cybersecurity advice and best practices may not be very realistic for small companies.
Common small business threats
Small businesses are particularly vulnerable to things that larger companies typically don’t have to worry about. Poor weather, a reduction in tourism, bad reviews on the Internet, and new local competition can all have drastic consequences for a small business. Companies than rely entirely on the micro-economy of their local area to survive are particularly vulnerable.
Several companies and government organizations provide lists of typical significant threats that small businesses face. The Hartford’s Business Owner’s Playbook, Acadia Insurance, and even various Chamber of Commerce websites around the world weigh in on the subject. Most agree that small businesses are particularly vulnerable in an handful of ways.
Just about every resource I found listing the biggest threats to small businesses lists some variation of a cyber-incident. These can range from defaced websites to malware events that cause a loss of IT resources. Cyber breaches can be caused by unknown bad guys, but can also be caused by your own employees. Criminals often target small businesses because they tend to lack the expensive and complex security mechanisms used in much larger companies. Simply put, they are easy targets.
Cyber-incidents can occur in many forms, including:
- Email scams
- Social media hacks
- Websites defaced or taken offline
- Stolen customer payment card information
2. Loss of property
While not all small businesses even have real estate, almost all involve an office (even if it’s a home office), a vehicle, and relatively expensive equipment. The limited property that small businesses own is one of their most precious assets. For many, the loss of this asset can be devastating. Further compounding this vulnerability is a seeming endless list of things that stand to threaten your property. Natural disasters, fires, theft, and car wrecks can result in a small business losing their ability to continue to operate and make money.
3. Interrupted business
Larger companies that have multiple sites and deep pockets can often stand to shut down operations at a single location for a short time. For example, the 2019 United Auto Workers’ Union strike against General Motors resulted in a complete stoppage of production for more than 45 thousand employees and cost the company more than $2.5 billion. In the end, General Motors resumed business operations and will more than likely see no long-term negative financial impact.
Suffering a month-long shutdown would be catastrophic for many small businesses. That can be true even if it’s a partial shutdown. Consider a restaurant losing it’s kitchen for a month, a mobile dog groomer losing their website and social media access, or a limousine driver who cannot process credit or debit card transactions for a month. Now imagine these same companies experiencing these interruptions for longer, like six months or more.
4. Loss of employees
Small businesses do not always have the big-business luxury of being able to shift responsibilities to someone else when an employee leaves or is absent for an extended time. Critical management, financial, and IT responsibilities fall on the shoulders of only one or two employees in many companies. Losing one of these employees can mean a complete loss of that role in the organization.
Even when only considering unskilled labor, loss of employees can be detrimental. If your organization has 1,000 workers and you lose 10% of your workforce, it would probably hurt, but the remaining 900 workers could probably pick up the load fairly easily. But in a small business with only 5 workers, losing only a single employee can have a significant impact. It can mean that some jobs simply aren’t being done until that employee is replaced.
Small business and cybersecurity
Aside from cyber-incidents, it may be difficult to see how the reset of the above threats relate to cybersecurity. Throughout this series, I hope to clarify that question and show how cybersecurity principles can be applied to address all of these. I will take a closer look at specific threats to small businesses and describe principles and tools that can be employed to mitigate them. I believe that using these tools and principles, small businesses can easily become more resilient and able weather losses and incidents that might otherwise cause catastrophic harm.