Opinion Extra

Hackers know small businesses are easy targets. Here’s how to bulk up against attack

Letter to The State editorial board


Hackers have breached half of the 28 million small businesses in the United States, according to the 2016 State of SMB Cybersecurity Report. And these attacks are only expected to increase.

About half of all cyberattacks target small businesses, which tend not to focus on cyber-security. I have worked with a number of small businesses that believe they are too small for anyone to worry about them. However, hackers know it’s easier to breach a small business with minimal protections vs. large corporations with huge budgets to protect themselves.

Hackers know that small business owners usually pay in ransomware attacks; that they have valuable data, such as financial information, customer records and vendor information, that can be used for identity theft; and that they often can provide access into other small business or even into large organizations.

The 2013 Target breach occurred because Target provided access to its network to a small HVAC contractor. Netflix was breached because an eight-person production company was granted access to the company network.

According to UPS Capital, the worst breaches cost small businesses between $84,000-$148,000; 60 percent of small businesses go out of business within six months of suffering a cyberattack.

MyersKimicoV (2)
Kimico Myers

But small businesses don’t have to be so vulnerable. At a minimum, they can ensure that anti-virus/anti-malware software is installed on all systems, including mobile devices. They also should apply operating system patches to all systems regularly and back up data remotely so they can recover their data if they’re attacked. It’s also a good idea to buy cyber liability insurance, encrypt sensitive data and make sure all your employees understand what to look out for and how important your company’s data is.

If your business does get hacked, you need to inform clients and customers immediately. Don’t wait until you have all information about the attack; this could take some time. You will want to take the affected systems offline and consult with IT professionals to discover the extent of the attack and trace it to its source. Also, notify local authorities. The breach could be part of a larger attack that authorities may be tracking. And finally, learn from your mistakes.

Kimico Myers


The State publishes a cross section of the letters we receive from South Carolinians in order to provide a forum for our community and also to allow our community to get a good look at itself, for good or bad. The letters represent the views of the letter writers, not necessarily of The State.