Press "Enter" to skip to content

If you think your business is too small for a cyberattack, think again

Big companies make the headlines when it comes to cybersecurity, but by some estimates smaller businesses account for up to 75% of cyberattacks

Editor’s Note: This is the first installment in a series on cybersecurity

I’ll share with you some names with you: Charge Healthcare (UHC), Microsoft, CDK, Invanti, Red Hat, Accension Health, Advanced Auto Parts, AT&T. Guess what they have in common. If you said they are all big companies you would be correct. If you said they were all victims of cybersecurity theft, you would be also correct. And what happened to them may be coming to your business soon, too.

The facts are that big companies make big headlines. Smaller business do not make news. But, by a variety of estimates, small business makes up about three-quarters of all attacks, accounting for nearly half of the data breaches where customer, business partner, employee or some other company information is stolen. So, before anyone reading thinks they are too small or too big to be the victim of a cyberattack and you are all set, think again.

One report found that the average employee at a small business will be the target of 350% more “social engineering” cyberattacks (where individuals are manipulated into sharing information) than an employee at a larger company. And, 87% of small businesses have customer data that could be compromised in an attack.

And from Evarts Tremaine, here are a few of the cyberattacks you face as an auto repair business:

Internet of Things (IoT) Vulnerabilities — Smart devices connected to your network exposing your business to potential threats.

Data Breaches — Targeting customer & employee data.

Ransomware Attacks — Hacking and encrypting business files & demanding ransom to restore access.

Phishing Scams — Deceptive emails or messages tricking employees into revealing sensitive information or installing malware.

Insider Threats — Disgruntled employees intentionally compromising your systems or sharing sensitive data.

According to IBM’s report, 2023 Cost of a Data Breach Report, 95% of cybersecurity incidents at small businesses cost between $826 and $653,587. While it’s reasonably more likely we, as an industry, may be on the lower end of that scale, it is preventable. Besides, who has a few or many thousands of dollars lying around and the proper insurance to deal with these issues?

Bad actors drool over small business just like your shops, part houses and small manufacturing. They tend to be easy targets due to lack of security and hold a treasure trove of personal data that is easily resold. 

I’ll share a personal story. This happened in the mid-1990s. At the time I was blessed to have four businesses of different types. One day we got an alert from our IT provider that we had a cyberattack nibbling on one of the company’s networks. They tracked it down before it could make it through a secondary firewall. Seems there was a pornography operation trying to access business systems. 

They wanted to find open hard drive space to store and distribute their porn. However, our system held and functioned as planned, and they never got close to any customer data or our business data. Our IT company shared with me that our system was getting hit nearly 1,800 times a day with a wide variety of spam, malware, hackers and so on. We never had a problem. That’s why I am so wound up to share this with you. I get it!

Just to make sure the stakes are understood, here is what can happen to you if you are successfully attacked:

  • Your reputation may be gone. This is particularly true if you have customers or business partners involved. Per the law, if you are breached and personal data is taken you must advise those affected, and offer to assist with their protection by offering to pay for any credit checks or locking down future information. This one point alone is part of why up to 60% of small businesses don’t survive a data breach.
  • Disruption to your business. Especially small businesses who don’t have the IT staff to deal with the problem. It will be up to you and your employees to sort this out. Or, you’ll be hiring someone.
  • You and the business may be subject to fines.
  • Lawsuits are not uncommon by hacked-off customers, employees and business partners.
  • Employee morale is frequently depressed following a cyber-attack. I’ll bet you cannot afford to lose good people to the competitor down the street.
  • The expenses of hiring help in the form of accountants, attorneys and others to clean up the mess left behind.

Take note that I mentioned business partners in the list, who won’t be pleased. If you are connected to their systems, any attack on you can morph to their systems. And, you will have payables and receivables information on your system that has private business information for both partners. Makes for great resale in the Deep Web. Ditto for customer data. And the same for employee information.

As I found out, we are all at risk.


At a young age, industry veteran Tom Langer started detailing cars for his family’s dealerships, which then led to work in the jobber and warehouse business, along with a machine shop and auto body shop. He held a variety of positions with an auto parts manufacturer for 10 years, and remained in the industry working with shops, warehouses and manufacturers in research and more.

Comments are closed.

Bringing you regional and national automotive aftermarket news
Verified by MonsterInsights