BreachExchange mailing list archives

5 Ways Your Small Business Is at Risk for a Cyber Attack


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 5 Oct 2015 18:28:16 -0600

http://www.investopedia.com/articles/professionals/100215/5-ways-your-small-business-risk-cyber-attack.asp

Due to the relatively small size of their businesses alone, many small
business owners think they are immune to computer attacks. They figure they
are too small to be on the radar screen of the bad guys. But that way of
thinking can be dangerous. Small businesses are a prime target for computer
hackers largely because their guard is down.

According to a 2013 survey by the National Small Business Association, 44
percent of small businesses have been the victim of an attack. What’s more,
60% of survey respondents said they are somewhat concerned about
cybersecurity issues, and one in four have little to no understanding of
the security threats their business faces.

But what small business owners may not realize is that the cost of a cyber
breach is going to typically be in the thousands of dollars range. The
National Small Business Association pegs the average costs for a cyber
attack at $8,699.48. Of those small businesses whose bank account was
infiltrated, the average loss was $6,927.50. And that doesn’t even take
into account the financial toll of losing customers as a result of a breach.

Think It Can’t Happen To You

For small business owners who don’t want to be the next victim of a
computer breach, changing their mindset is going to go a long way in
protecting the business from cyber criminals. Because lots of small
business owners don’t think anything will happen to them, they often skimp
on security and fail to do basic things like updating their security
software and deploying patches. In order to protect the business, the owner
has to make sure he or she has the proper amount of security to keep the
bad guys out. They also have to perform those maintenance requirements to
make sure any security holes are closed.

Don’t Have a Technology Policy On The Books

Whether the small business is ten people strong or 100, the company needs
to establish and more importantly enforce rules about employees’ behavior
when logged into the company’s network. Doing nothing creates an
environment where anything goes, which increases the likelihood of a
security breach. It’s not smart to let employees jump on the company Wi-Fi
with non-secure devices, but if the company doesn’t explicitly inform them,
how will they know? The same goes for teaching employees how to surf smart
and not click on links or open emails that could infect the entire network.
If the small business houses a lot of sensitive data, for example
customers' social security numbers and bank accounts, it should have
two-factor login authentication turned on. With that feature enabled,
anyone logging into the company network must provide two means of
identification from separate categories. An example would be a password and
then the answer to a security question.

Not Taking the Time to Encrypt Data

For many small businesses, one of the biggest risks is a cyber criminal
breaking into their systems and stealing their personal account information
as well as information of their customers. The last thing a business of any
size wants to see happen is that their information falls into the wrong
hands. Yet many small business owners don’t take the time to encrypt their
data. If company data isn’t encrypted, then it’s open season for the bad
guys. Any important data, including bank accounts, credit card numbers,
social security numbers and customer information needs to be encrypted.
Even if the hackers get it, they won't be able to read your data. Most
operating systems like Microsoft Windows come standard with encryption
tools. Business owners need to make sure that option is turned on. Many
types of security software are also available.

Having Weak Passwords

One of the easiest ways for a hacker to infiltrate a computer system is by
exploiting a weak password. Nevertheless, many small business owners don’t
take the time to make strong ones or change them on a regular basis. They
argue that they don’t have enough time to run the business let alone worry
about multiple, complex passwords. But subscribing to that logic is going
to set a small business up for a potential breach if their password is easy
to figure out.

Losing Control of Software Access

Small business owners are busy running their businesses and can easily lose
sight of which employee is accessing which system. But not being aware of
who has access can be a big, costly mistake, particularly if the company
runs into a situation where it is dealing with a disgruntled employee. The
road is littered with stories of inside computer attacks by upset
employees. In order to clamp down on that risk, the small business owner
needs to know who has access to what and more importantly grant access on a
case-by-case basis. There’s no reason the receptionist needs access to the
billing system.

The Bottom Line

Small business owners may think they are too small to land on the radar of
computer criminals, but they are prime targets because of their naïveté.
Nobody wants to spend money on something unlikely to happen to them, but in
this era where the cybercriminals are staying one step ahead of everyone
else, small business owners have to be protected. That means making sure
their systems are secure and patched, their data is encrypted, their
employees are trained and access is limited. Along with recognizing the
general risks, doing these specific things will greatly lower the risk
small businesses face from ever more sophisticated cybercriminals.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
