In this special contribution from Vagaro’s Director of Privacy and Compliance, Adam Zachs, CIPP/US, J.D., you’ll learn about:

Cybersecurity Is a Real Problem for SMBs

43% of cyber crime targets small business.

  • 43% of cyber attacks & data breaches in 2018 targeted small business

  • Cyber attacks were up 424% in 2018

  • Only 14% of SMBs are prepared for a cyber attack

  • It takes an average of 101 days to discover data breaches

  • 60% of SMBs go out of business within 6 months of a cyber attack

Sources: The SSL Store, Small Business Trends

Many small and medium business (SMBs) owners think cyber attacks and data breaches exclusively target larger national or chain businesses. But that couldn’t be further from the truth! Modern cyber scammers love an easy target. And because most SMBs don’t have the established cyber security and data defense protocols in place—or the resources to establish those protocols —cyber criminals see their businesses as an easy mark.

Likewise, most SMBs don’t have resources set aside to respond to a cybercrime attack, making them a low-hanging fruit for cybercriminals. The average cost of a cyber attack to a SMB is $200,000 or more, and most small businesses simply don’t have that kind of money set aside to deal with cybercrime. With less funding, dedicated cybersafe expertise, or advanced protection software to work with, as a small business owner, you may feel overwhelmed by the task of managing your business day-to-day while also defending it in cyberspace! But with a little bit of planning and making these best practices part of your business habits, you can make sure that when cybercriminals are looking for an easy mark, your business stays off their radar.

What Is Data Privacy Day?

Data Privacy Day is a public awareness initiative that originated in the United States and Canada in 2008, in response to the growing threats to cybersecurity. Today, the public awareness initiative is officially led by the National Cyber Security Alliance (NCSA) North America. The theme of Data Privacy Day 2020 is “Own Your Privacy,” aimed at educating SMBs and consumers about the value and safeguarding of their personal data. The NCSA recommends that SMBs take a proactive, transparent approach to safeguarding consumer personal data, identifying privacy needs and concerns, and using best data privacy practices to prevent cybercriminals from targeting your business.

What Are the Different Types of Cybercrime?

Below, we’ve ranked the most common types of cybercrime, and ranked them in order of their threat level to SMBs.

  • Physical Theft. The physical theft of a device (computer, laptop, smartphone, tablet, gaming system, etc.) that compromises the safety of all sensitive personal data on the device.

  • Phishing. Any suspicious email that briefly seems like it comes from a trustworthy source, but asks for sensitive personal data, payment data, and pressures you to act immediately. (Nigerian Prince Scheme, IRS scheme, Limo Scheme, etc.)

  • Malware Infection. Short for malicious software, this type of cybercrime uses specifically designed programming (code, scripts, active content, etc.) to violate and exploit sensitive data.

  • Hackers. Hackers often crack into networks for the thrill of the challenge, bragging rights in the hacker community, or to obtain access to sensitive data.

  • Ransomware. Holding files (business or personal) for ransom after infecting and encrypting a targeted system.

  • Card Skimming and POS (point-of-sale) Intrusion. The use of a device or program that uses a piece of POS hardware to harvest payment information.

  • Insider Threat. Staff or associates of a business use their knowledge to gain unrestricted access and cause damage to business systems or steal data.

  • Data Breach (data leakage, data spilling, information disclosure.) The release of secure information (intentional or unintentional) to an untrusted person or environment.

  • Distributed Denial of Service Attacks (DDoS). In a DDoS, hackers plant digital scripts on a specific digital system to attack. Then, when the hacker sends the targeted system a specific command, the system is overwhelmed with traffic and is unable to function. Any legitimate users trying to access the system are denied service.

Data Security Is A Smart Business Practice

The average consumer—and SMB owner! — is largely unaware of how their personal (or business) information is collected, used, or shared in the digital world. But strong data security is a good business practice that’ll help you stay in business! Here’s how compromised data security could hit your business—and how following best practices can protect it.

  • The most obvious benefit of securing your business data is that it lessens the risk of your business being targeted by cybercriminals. Firewalls and security software are like having a guard dog barking—cyber criminals will move on to easier targets.

  • The average cost to SMBs in a cyber attack is $200,000, which can easily put a small business out of business. Isn’t that worth the cost of security software?  

  • A proactive approach to data security creates a workplace culture of respect to business and customer safety, lessening the risk of an insider threat to your data.

  • Taking measures to protect customer safety builds trust through transparency with customers, strengthening your client retention rates.

NCSA Tips for Data Security

Step one in making sure your business and customer data is protected is learning the best practices for data security. Data security refers to the different practices, habits, and methods that prevent cyber criminals from accessing your business or customer data. Implementing data security protocols means more than just the protection software, hardware firewalls, payment security devices for your POS equipment or closely watching your business transactions. Data security starts from building good cyber safety habits and using the right cyber security tools. The NCSA’s Stay Safe Online organization suggests following their STOP. THINK. CONNECT. ™ best practice guidelines for business owners and consumers.


1. Keep Your Machines Clean

The first step to protecting your business and client data is to keep your security software current and automate software updates. Cybercrime keeps pace with technology, so running outdated anti-virus software, spam filters, web browsers, or operating systems won’t safeguard your business or customer data from viruses, malware, and other online threats. An additional step you can take is to extend protection to all your devices that connect to the internet (smartphones, game systems, tablets, and other web-enabled devices).

Most people understand the importance of security software for computers, but forget that your smartphone is a “tiny computer!” Likewise, it’s a good idea to plug in and perform a security scan on USBs and any other external devices (external hard drives, etc.) that could be infected by malware or viruses.

2. Protect Your Passwords & Logins

Personal information includes your logins and passwords on all web-enabled devices where more sensitive personal data is stored. To protect that data, start with your passwords. For every unique account, create a unique password, and for even more protection, make your passwords a sentence or phrase. For example, instead of making your password your dog Daisy’s name, try using the passphrase “Daisyisagooddog2020” to make it more difficult for a hacker to access your account.

Though in the moment, it may feel like a hassle to create a new passphrase for every account you have, the temporary inconvenience is better than handing a cyber thief the keys to the kingdom! Once you’ve updated all your passwords, put your login on lockdown. Install strong authentication tools and apps on your devices, such as biometrics, security keys, and one-time authentication codes to ensure maximum security for your banking, email, and social media accounts.

3. Connect Carefully!

Do you know how to quickly check a website to see if it’s security enabled? Most consumers don’t! Knowing the security status is always good to know, but never more important than when you’re banking or shopping online. Before you enter any personal data into a site, check its web address: https:// and shttp:// indicate a site that takes extra steps to secure personal data, while the more common http:// indicates a site isn’t necessarily secure for transmitting sensitive data. This is especially important when connecting to WiFi hotspots or public WiFi access points. Limit the type of business you conduct on public WiFi connections and adjust your security settings accordingly.

Finally, the easiest step to connecting carefully is the “When in doubt, throw it out” rule—the easiest way for cybercriminals to access your personal data is through a link in email, social media, or online advertising. If something seems suspicious or otherwise “not quite right,” trust your instinct and delete it.

4. Use & Build Your Web Wisdom

Like your software security program, give yourself regular updates to make sure you’re up-to-date on new ways to stay safe online. Because make no mistake—cyber criminals are well-versed on security measures to find ways around them. Always back up your personal and professional digital information (photos, work, music, video, etc.) by creating and storing an electronic copy, so that in case of a data breach, you don’t lose everything.

Once again, it’s vital to remember the “When in doubt, throw it out” rule. Trash communications pressuring you to act immediately with personal information, offers that sound too good to be true, or that otherwise request access to your private data.


5. Control Your Online Presence

For SMBs especially, what your business does online has the potential to affect everyone, from your staff to your customers and their extended networks. Your use of data security best practices benefits everyone who does business with your business. Remember, in a digital world, personal data is as valuable as money, so take the same steps to protect it as you would with your money.

Finally, be cautious when posting on the internet—consider what your post might reveal, who might see it, and how it could be used if it were to fall into the wrong hands.

Improve Your Digital Security for Data Privacy Day 2020

Feeling a little overwhelmed by all this information? Here are some easy, practical steps you can put into practice today, as well as additional resources to help protect your business and your customers in a digital world.

  • Install antivirus software, keep software updated, and use spam filters.

  • Create strong passwords and unique passwords for every account.

  • Limit employee access and authority to access data and information, or to install software.

  • Secure your Wi-Fi networks and use extra caution when accessing public WiFi hotspots.

Additional Resources

To learn more about these guidelines and other best practices for personal data security, use the resources linked below.

Vagaro logo For Data Privacy Day, don’t you owe it to your customers to choose a partner like Vagaro who prioritizes your business data security? From HIPAA-compliant software to the latest secure EMV chip card readers and other POS hardware, Vagaro is your first line of defense in protecting your business. Get started today and try Vagaro free for 30 days!

Header Image: Giorgio Trovato via Vagaro

Icons and Infographics: Mia Montemayor via Vagaro