In the good old days, before cyber-security became a real problem on the scale we’ve seen recently, having the anonymity of a small business was an advantage. Cyber-criminals had bigger fish to fry, so to speak. And we’ve seen the results. 2014 was a brutal year no matter how you look at it; big-name retailers, banks, and even a movie studio got hit hard. Unfortunately, as cyber-criminals have scaled up their efforts, they’ve also discovered that small businesses are easy pickings for stealing data. A lack of robust security infrastructure, fewer cyber-security tools and resources, and little or no prevention training often amount to an open invitation for a data breach. An infographic from the National Cyber Security Alliance (NCSA) reports that 71 percent of security breaches target small businesses, and nearly half of all small businesses have been victims of cyberattacks.
No one wants to deal with the fallout from a data breach, which can have irrevocable consequences ranging from lost customers to brand damage, increased expenses, and decreased revenue. It’s sobering to consider that, according to Experian, 60 percent of small businesses that suffer a breach go out of business after six months.
Awareness starts with education. Once you have the knowledge, you can take action and implement preventative measures. We thought it’d be helpful to identify some of the top security risks facing small businesses today. Knowing these risks will hopefully prompt you to take a pulse check on your own organization’s cyber-security strategy. It’s best to take preventative measures now against cyber-bullies rather than deal with expensive and time-consuming fallout later, which can potentially ruin your business.
1. Phishing attacks
A common way hackers capture private data from small businesses is through spam or fake emails that purport to be from legitimate corporations, banks, or other institutions. Once the bad guys get even a small foothold, they can easily exploit your company data. Advise employees to never click hyperlinks in suspicious or unverified emails, especially ones requesting information or payments. Keep in mind that legitimate institutions that offer payment options will always have HTTPS websites equipped with SSL protection. The reverse does not hold, though: phishing sites can obtain certificates too, so HTTPS alone does not prove that a site is legitimate. Implementing desktop and network firewalls and anti-spam email software will also reduce the likelihood of these kinds of attacks.
2. Weak passwords
You wouldn’t leave the door to your home open in the middle of the night for potential intruders to enter. Yet that’s what happens at companies every day when employees fail to secure their passwords. This seems self-evident, but it bears urgent emphasis, especially after the recent security debacles of 2014. Research shows that advances in technology have made most passwords hackable; one article suggests 90% of passwords can be cracked in seconds. So don’t forgo strong passwords for the sake of convenience.
3. Unpatched devices
Think of all the hardware and software that your small business uses that may present an invitation for hackers to gain entry. According to Shlomi Boutnaru, cofounder & CTO, CyActive, “These are network devices, such as routers, [servers] and printers that employ software or firmware in their operation, yet either a patch for a vulnerability in them was not yet created or sent, or their hardware was not designed to enable them to be updated following the discovery of vulnerabilities . . . This leaves an exploitable device in your network, waiting for attackers to use it to gain access to your data.”
4. Not encrypting your data
We live in the era of mobile, BYOD, and Big Data, and with all the information exchanged today, there are many more opportunities for hackers to intercept your company’s private data. Encrypting and authenticating your data will help put a roadblock in front of the bad guys. Failure to use something like two-factor authentication, or 2FA (often required in cloud providers like Dropbox and Office 365 as an extra layer of security), can be disastrous. Several years ago one tech journalist suffered an epic data hack in which invaders got into his Twitter and Google accounts, wiped his iPhone and iPad, and deleted files and irreplaceable family photos that he didn’t have backed up. In the aftermath the journalist wrote that this debacle might’ve been prevented if he had just used Google’s 2FA. The everyday small business owner should take this as a valuable lesson learned.
5. Dropped USB drives
It’s the oldest trick in the book, but you’d be surprised how many still fall for it. Hackers will drop a spyware-infected USB drive or thumb drive in the parking lot of a company. When an unsuspecting employee picks it up and plugs it into their computer, the malware gets unleashed through a phishing attack and the hacker gains the needed access point to exploit company assets.
6. Rogue insiders
Believe it or not, a disgruntled employee can be a real security threat, even in a small business. “Internal attacks are one of the biggest threats facing your data and systems,” states Cortney Thompson, CTO of Green House Data. “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage,” he says. Performing official background checks on prospective employees to detect any criminal history should be standard practice for your HR department or hiring personnel.
Malware is an ever-present threat against small businesses (and organizations of all sizes, for that matter). It frequently hitches onto ads and other unreliable downloads and can inject viruses into your computer, putting your data at risk. While budgets are tight, especially for smaller firms, the risks of not having your network secured with the appropriate firewall and business-class anti-virus technology far outweigh the costs. Ensure that your software is updated with the latest patches and that all applications, email programs, and browsers are covered. Also, be sure to proactively educate your employees about how to reduce the risk of malware attacks.