The scenario usually is something as simple as – cyber-thieves plant a software program onto a point-of-sale terminal at your local retail establishment, which then allows the criminal to retain the credit card information from the unsuspecting patron. While money is being drained from the customer’s bank account to pay for items like clothes and gas, the retail store owner is usually unaware that it is she/he who is the one that is a conduit for the fraud. Hackers are shifting their sites from large multinational companies to small businesses for one reason – it’s easy.
Small business owners are so focused on mere survival that they feel their “cash insignificance” is enough of a deterrence for cyber-thieves to look for greener pastures. As small business become more digitized with their records and computer systems, hackers are seeing them as a prime target to commit fraud against. The risk of being caught stealing information from small businesses is just not outweighed by the opportunity and reward. With limited budgets and few or no technical experts on staff, small businesses generally have weak security, and thus are low hanging fruit for cyber-thieves.
While companies like Citi Bank, LockheedMartin, et al, have the capital to survive a massive data breach, the margin-for-error is severely high for the small business’ long-term viability. Even the most “local” of retail establishments collect names, addresses, and credit card numbers – all of which are highly valuable to the enterprising criminal. A data governance policy, no matter how small, can do so much to deter a cyber-thief to pursue another victim.