Why Small Businesses Are Prime Targets for Hackers | Practice Management Tips for CPAs

When we talk to our clients about the importance of using a secure client portal to exchange confidential client information, many of them express that their business is “too small to be hacked.” And it’s not just us: In a 2019, password management company Keeper Security interviewed over 500 decision makers at SMBs, and found that 73% felt they were not likely to be targeted by hackers. In its report, Keeper stated, “respondents overwhelmingly seem to believe that company revenue correlates with likelihood of being attacked.” However, the fact of the matter is that small businesses are at high risk for security breaches. Here are some of the top reasons why.

Modern Cyberattacks Are Performed by Robots

Countless movies and TV shows have popularized the image of a lone, hoodied hacker, bent over his keyboard as neon numbers flash over his head. As exciting and dramatic as this image is, the reality is that modern cyberattacks are carried out by robots which attack thousands or millions of sites at the same time. Today’s hackers do not pick and choose between individual businesses they’d like to target. Rather, they choose a certain umbrella, like “accounting firm” or “law firm,” attack everything on the list at once, and see which websites’ defenses are weakest. For this reason, large and small companies are often at equal risk. 

Hackers Know That Larger Companies Have More Resources  

Hackers often target small businesses because they know that large companies have the resources for sophisticated security systems, while small businesses typically don’t. Many small businesses are under-funded and under-staffed, which makes them great targets for hackers. With tighter resources, it’s less likely that a business has invested in IT personnel, cybersecurity software, or encrypted client portal software. And with less hands on deck, it’s more likely that a breach will go unnoticed for months or years, as employees prioritize hot-button issues. In many cases, small businesses are targeted simply for the fact that they’re easier pickings.

A Small Business Can be the Gateway to a Larger Company

Hackers sometimes target a small business with the goal of breaching a much larger company that is connected to it. For example, Target’s massive 2013 data breach occurred when its HVAC vendor’s company was hacked. Once through the cybercriminals broke through the HVAC’s humble defenses, they used what they found to access Target’s massive database—and ended up with the personal credentials of over 40 million customers. 

Hackers are After Data, Not Money   

Hackers know that even a few private credentials or records can be quite valuable. Credit card numbers, health records and financial records can either be directly pillaged for revenue, or sold on the black market. This is why many hackers target holders of sensitive information, such as accounting firms, law firms, and medical practices. For a cybercriminal, breaching just one small accounting firm is like hitting the jackpot, as countless records can be obtained in just one hack.

Protect Your Client Data With an Encrypted Client Portal

Considering all the consequences that can result from a security breach, it’s crucial that CPAs, accountants, and attorneys take proactive steps to secure their client data. If you are exchanging personal client data via public email servers, such as Outlook and Gmail, you are at high risk for a security breach. An encrypted client portal, on the other hand, is almost impossible to hack and will keep your firm safe from liability. Client portals also have many other advantages, such as making your practice more efficient and keeping a real-time record of all client interactions. 

Mango’s client portal for CPAs uses 256-bit bank-level encryption to ensure client data is protected at all times. To download a free demo or learn more about our practice management software, click here!