Most Common Causes of Data Breaches For Small Businesses

April 29

Data breaches should never be a question of “if” but rather “when”. While cyber attacks affect businesses of all sizes, small businesses are especially vulnerable.

Cybersecurity for small businesses can be a challenge, but GAM Tech wants to help every business avoid data breaches. Let’s arm you with some valuable knowledge:

Small businesses are more likely to experience a company breach, resulting in lost data such as email addresses, encrypted passwords, social security numbers, and other valuable confidential information. 



Here’s what you need to know when it comes to common causes of data breaches and how to protect your small business. 

There’s Often a Common Reason as to Why Data Loss Occurs:

Limited Resources: Sadly, many SMBs do not have the time, money, or people to plan and manage their business’ online security.

In fact, nearly half of all data breaches involve small businesses. The consequences of a data breach can be detrimental: it is not only costly but can also decrease customer loyalty. In the worst case, a business could suffer permanent closure.

You need to treat your data security as a top priority, so your company does not become another cybersecurity statistic.




What is a Data Breach?  

A data breach occurs when unauthorized parties infiltrate computer systems, networks, or databases to gain access to confidential information.

They often involve the use/exploitation of personally identifiable information (PII) such as full name, email address, social security number, etc.

For larger companies, trade secrets, customer lists, account information, and software source codes could be exploited.

The global average cost of a data breach is a staggering $4.45 million, which is a 15% increase over 3 years (source: IBM).


Common Data Breaches Affecting Small Businesses 



Familiarizing yourself with common incidents that can affect businesses is essential for keeping your company safe and secure. After all, the best defence is a good offence.



Here are 8 common data breach terms, along with examples:

Common Data Breach Term #1: Malware 

Malware, short for malicious software, is a blanket term describing software created with the intent to cause damage to networks, data, and/or systems.

3 Common Types of Malware Include:

Ransomware – Prevents or limits user access to systems and networks until users agree to pay a fee (ransom) to have their information decrypted.

Viruses – One of the most common forms of malware, viruses are malicious programs or code that “infect” legitimate, clean code on a user’s computer. Once executed (either unknowingly or through automated processes), viruses can spread quickly across a network, affecting other systems and users.

Spyware – This form of malware “spies” on the user, operating in the background to collect employee data, such as passwords, credit card numbers, internet usage and other sensitive data. 


From here, this data is sent to data firms, advertisers or other external users, typically for financial gain.


Common Data Breach Term #2: Compromised Credentials 

80% of data breaches are a result of weak or stolen passwords.

Passwords that are easily guessed, based on personal details (e.g. your dog’s name) or used across multiple sites will put your information at risk.

Another common source of compromised credentials is when an employee stops working for your company.

Whether the employee leaves voluntarily or is let go, company passwords and logins must be managed in a secure way.

We have worked with clients using shared logins for some of their most important, cloud-based tools.

We asked how long since their last password change.

The answer:

“Oh, we’ve used the same password since we got that tool... 4 years ago.”


Any former employee who had access to that tool would have no issue loading up a web browser and logging into that piece of software.

In our digital world, it is extremely important to treat logins and passwords for tools and software with the same care as our ATM PINs.
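
One way to check for the situation described above, a login whose password has not changed in years and is still known to people who have left. This is an added example, not part of the original article; the tool names, staff roster and 365-day threshold are constructed assumptions.

```python
from datetime import date

MAX_AGE_DAYS = 365  # assumed rotation policy, not a figure from the article

# Constructed sample data. "holders" = everyone given the current password.
CREDENTIALS = [
    {"tool": "crm", "last_rotated": date(2020, 4, 1),
     "holders": ["alice", "bob", "carol"]},
    {"tool": "banking", "last_rotated": date(2024, 1, 15),
     "holders": ["alice", "dave"]},
    {"tool": "payroll", "last_rotated": date(2024, 2, 10),
     "holders": ["alice"]},
]
# Constructed roster: departure date, or None while still employed.
STAFF = {"alice": None, "bob": date(2023, 6, 30),
         "carol": None, "dave": date(2024, 3, 1)}


def audit(credentials, staff, today, max_age_days=MAX_AGE_DAYS):
    """Return {tool: [reasons]} for every login that needs a password change."""
    findings = {}
    for cred in credentials:
        reasons = []
        age = (today - cred["last_rotated"]).days
        if age > max_age_days:
            reasons.append(f"stale: unchanged for {age} days")
        for person in cred["holders"]:
            if person not in staff:
                reasons.append(f"unknown holder: {person}")
            elif staff[person] is not None and staff[person] <= today:
                # Left the company but still knows the current password.
                reasons.append(f"former staff: {person}")
        if len(cred["holders"]) > 1 and reasons:
            reasons.append(f"shared by {len(cred['holders'])} people")
        if reasons:
            findings[cred["tool"]] = reasons
    return findings


if __name__ == "__main__":
    for tool, reasons in audit(CREDENTIALS, STAFF, date(2024, 4, 29)).items():
        print(f"{tool}: " + "; ".join(reasons))
```

Note that the recently rotated banking login is still flagged: a fresh password does not help if someone who has since left was given it.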

If you’re interested in learning more about password security, follow these essential tips for stronger passwords.


Common Data Breach Term #3: Social Engineering 

Social engineering is a cyber threat that leverages human psychology rather than exploiting technical vulnerabilities (source: Living Security).

Cybercriminals use manipulation techniques to exploit human error and gain access to a business’s sensitive data. 

This type of data incident relies on psychology to deceive unsuspecting users into giving up information. 

While social engineering comes in different forms, we’ve all experienced these kinds of attacks from:

  • Our favourite “royalty” from around the globe
  • An international relative
  • The "long-lost, recently-deceased" bank tycoon…



They are also commonly known as phishing scams. 

While our examples may make you giggle, these attacks are getting more sophisticated every day.

At times, these types of attacks can look as legitimate as an actual email from your credit card company or bank. Sometimes they can even come with an Excel or PDF attachment.

More often than not, it will be coming to your inbox from an email address you recognize: a co-worker, vendor, client, friend, or family member.


Common Data Breach Term #4: Backdoor Attacks 

Backdoor attacks refer to any method(s) used to circumvent a system, application or network’s standard security measures (a Trojan is a perfect example). 

Once in, cybercriminals will seek a higher level of access to hijack devices, install malware, steal employee or customer data and more. 


Common Data Breach Term #5: Permissions Overload 

When too many users are granted too many privileges to your business systems, your information becomes more vulnerable. 

You might recognize terms such as “Denial of Service” or “DDoS attack” when thinking of these types of data breaches.

Keep admin privileges specific to a worker’s job function and remember, the less data users can access, the less likely it is to fall into the wrong hands. 


Common Data Breach Term #6: Insider Threats 

Remember the former employee we talked about earlier? They’re not the only common source of data breaches.

An insider threat is a cybersecurity threat that originates from within an organization. This can come in the form of employee data theft, which can cause highly damaging business data loss.

Usually, these threats come from a past or current employee, third party, or contractor who has access to a business’s databases, applications or network. 


Common Data Breach Term #7: Device Theft or Loss 

Remote work and BYOD (Bring Your Own Device) approaches have proven beneficial to small businesses in terms of overhead costs and productivity, but they can also pose serious security threats.

For instance, employees commuting or working between different locations are far more likely to lose or misplace their devices.

You can't stop someone from being forgetful, so this risk is usually reduced through "Two-Factor Authentication" (2FA).

You may have already experienced this type of practice with your personal Android or iOS devices.

Two-factor authentication is necessary for preventing unauthorized access to your company data and lowering the risks from misplaced devices.


Common Data Breach Term #8: Out-of-Date Software 

Outdated software makes cybercrime easy for any hacker or malicious intruder. 

Without regular software updates and the latest security patch installs, your systems and devices will not maintain the defences they need to thwart malicious attacks. 

Ensure regular updates are part of your small business’s best cybersecurity practices.


6 Key Tips For Preventing Data Breaches 

1. Educate Your Staff 

Did you know that over 90% of data breaches are caused by human error? Because hackers love to take advantage of unsuspecting employees, it’s important to provide mandatory cybersecurity awareness training for your staff.


2. Limit User Privileges 

By limiting access to your data, you are limiting your chances for security breaches and data loss. Employees should only be granted the permissions essential to the completion of their work.


3. Employ Anti-Spyware and Antivirus Software on All Devices 

These forms of security software are essential to safeguarding your business against any number of malware attacks (see above). Install anti-spyware and antivirus protection on all devices and be sure to keep them updated!


4. Encrypt Company Data 

Encrypted data can only be accessed by users with the right encryption key. In short, encryption prevents your information from being read or stolen by unauthorized persons online. 


5. Configure a Virtual Private Network (VPN) 

Like encryption, a business VPN will prevent attackers from gaining access to your private network. Especially important for small businesses that rely on remote work, a VPN provides employees with a secure way to access company information, from anywhere, without exposing their data. 


6. Perform Regular Security Assessments 

Last but not least, we recommend performing regular IT Security Risk Assessments as a means of identifying vulnerabilities within your business. This will help you prevent potential data incidents before they have a chance to take root and prevent costly downtime.



At GAM Tech, we specialize in reliable, affordable and ultra-responsive IT services. Our mission is to help protect, scale and streamline operations for small to medium-sized businesses. For more information on the many cost-effective services we provide and how they can help your organization succeed, we invite you to get in touch with us!



Posted by Adrian Ghira on Oct 15, 2020 7:47:39 PM

Topics: breach, data, personal data
