BreachExchange mailing list archives
Common Security Mistakes Small Business Make and What to Avoid
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 19 Dec 2013 22:02:51 -0700
http://www.resourcenation.com/blog/common-security-mistakes-small-business-make-and-what-to-avoid/38141/

One of the most significant threats facing companies today is cyber intrusion. The inter-connectivity businesses have gained from the Internet has been a boon to revenue and development, but it’s also proven a double-edged sword. Cyber attacks can be vicious and lead to incalculable losses in not just revenue, but intellectual property as well.

However, despite this growing threat, a recent survey revealed a majority of small businesses don’t consider cyber intrusions to be a real threat. Conducted by the Ponemon Institute, the survey included responses from over 2,000 small-business managers and found a surprising 58 percent don’t think online hackers pose a credible threat to their company’s technology.

This becomes especially concerning when considering small businesses have lost an average of $1.6 million in the last year because of online attacks. The Department for Business, Innovation and Skills revealed in a report that 87 percent of small businesses suffered a cyber attack in 2012, and the prospects for 2013 don’t look more promising.

Companies hoping to deter hopeful hackers should avoid falling into these common IT shortcomings:

Don’t ignore blind spots

It’s not uncommon for a small business to be lacking in the area of IT security, but it’s not a fixed position. With IT staff regularly wrapped up in more day-to-day operations, businesses should consider investing in regular security checks to maintain adequate safeguards. Third-party firms exist to identify blind spots within a company’s cyber security structures, providing insight and advice for how to shore up weak areas and keep hopeful cyber intruders out.

You’re not too small

It’s an easy mistake to make, but don’t think a small business isn’t large enough to be the target of a cyber attack. It’s a popular thought that coasting under the radar with more modest profits and products will grant a company online immunity. The truth, however, is more often the opposite. The confidence small businesses of this nature have tends to lead to haphazardly assembled security portfolios that don’t actually offer a lot of cyber safeguards. In effect, believing a business is too small to warrant attack will increase the chances of intrusion.

Stay on top of security policies

When companies don’t perceive malicious hackers to be a threat, they don’t enforce security policies. Keeping confidential information on a portable device that regularly leaves the office is a security breach waiting to happen. A stolen laptop or a lost phone can mean countless damages in dollars and intellectual property. If a small business does not currently support a security policy, its first order of business is to enact one. The next step is to educate all employees on the details and then regularly enforce it.

Passwords

A problem many companies have, regardless of size, is passwords. Not so much that they don’t have them, but more that employees will regularly employ old passwords, reuse passwords or simply have bad ones. An easy way to avoid the problems that come along with insufficient password protection is for businesses to establish a set of guidelines. For instance, systems should require employees to change their passwords every few months or so. Businesses can also draw rules about password complexity, requiring a certain number of characters, as well as enforcing alphanumeric standards.

Small businesses don’t often have excess budget space to spend on additional systems and advances, but investing in cyber security can help companies avoid online attacks and the financial losses that may come as a result.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/