BreachExchange mailing list archives
5 Ways Your Small Business Is at Risk for a Cyber Attack
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 5 Oct 2015 18:28:16 -0600
http://www.investopedia.com/articles/professionals/100215/5-ways-your-small-business-risk-cyber-attack.asp Due to the relatively small size of their businesses alone, many small business owners think they are immune to computer attacks. They figure they are too small to be on the radar screen of the bad guys. But that way of thinking can be dangerous. Small businesses are a prime target for computer hackers largely because their guard is down. According to a 2013 survey by the National Small Business Association, 44 percent of small businesses have been the victim of an attack. What’s more, 60% of survey respondents said they are somewhat concerned about cybersecurity issues, and one in four have little to no understanding of the security threats their business face. But what small business owners may not realize is that the cost of a cyber breach is going to typically be in the thousands of dollars range. The National Small Business Association pegs the average costs for a cyber attack at $8,699.48. Of those small businesses whose bank account was infiltrated, the average loss was $6,927.50. And that doesn’t even take into account the financial toll of losing customers as a result of a breach. Think It Can’t Happen To You For small business owners who don’t want to be the next victim of a computer breach, changing their mindset is going to go a long way in protecting the business from cyber criminals. Because lots of small business owners don’t think anything will happen to them, they often skimp on security and fail to do basic things like updating their security software and deploying patches. In order to protect the business, the owner has to make sure he or she has the proper amount of security to keep the bad guys out. They also have to perform those maintenance requirements to make sure any security holes are closed. Don’t Have a Technology Policy On The Books Whether the small business is ten people strong or a 100, the company needs to establish and more importantly enforce rules about employees’ behavior when logged into the company’s network. Doing nothing creates an environment where anything goes, which increases the likelihood of a security breach. It’s not smart to let employees jump on the company Wi-Fi with non-secure devices, but if the company doesn’t explicitly inform them, how will they know? The same goes for teaching employees how to surf smart and not click on links or open emails that could infect the entire network. If the small business houses a lot of sensitive data, for example customers' social security numbers and bank accounts, it should have two-factor login authentication turned on. With that feature enabled, anyone logging into the company network must provide two means of identification from separate categories. An example would be a password and then the answer to a security question. Not Taking the Time to Encrypt Data For many small businesses, one of the biggest risks is a cyber criminal breaking into their systems and stealing their personal account information as well as information of their customers. The last thing a business of any size wants to see happen is that their information fall into the wrongs hands. Yet many small business owners don’t take the time toencrypt their data. If company data isn’t encrypted, then it’s open season for the bad guys. Any important data, including bank accounts, credit card numbers, social security numbers and customer information needs to be encrypted. Even if the hackers get it, they won't be able to read your data. Most operating systems like Microsoft Windows come standard with encryption tools. Business owners need to make sure that option is turned on. Many types of security software are also available. Having Weak Passwords One of the easiest ways for a hacker to infiltrate a computer systems is by exploiting a weak password. Nevertheless many small business owners don’t take the time to make strong ones or change them on a regular basis. They argue that they don’t have enough time to run the business let alone worry about multiple, complex passwords. But subscribing to that logic is going to set a small business up for a potential breach if their password is easy to figure out. Losing Control of Software Access Small business owners are busy running their businesses and can easily lose sight of which employee is accessing which system. But not being aware of who has access can be a big, costly mistake, particularly if the company runs into a situation where it is dealing with a disgruntled employee. The road is littered with stories of inside computer attacks by upset employees. In order to clamp down on that risk, the small business owner needs to know who has access to what and more importantly grant access on a case-by-case basis. There’s no reason the receptionist needs access to the billing system. The Bottom Line Small business owners may think they are too small to land on the radar of computer criminals, but they are prime targets because of their naïveté. Nobody wants to spend money on something unlikely to happen to them, but in this era where the cybercriminals are staying one step ahead of everyone else, small business owners have to be protected. That means making sure their systems are secure and patched, their data is encrypted, their employees are trained and access is limited. Along with recognizing the general risks, doing these specific things will greatly lower the risk small businesses face from ever more sophisticated cybercriminals.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- 5 Ways Your Small Business Is at Risk for a Cyber Attack Audrey McNeil (Oct 06)