Sure, there once was a time when being a small to medium sized business with little brand awareness had its advantages. For example, you were a lot less likely to be targeted by hackers. Often when people think of data breaches and security threats, they typically think of huge conglomerates being the focus of hackers and cyber-attacks. Take Target’s recent data breach for example, this is when credit and debit cards, along with personal data had been stolen by thieves, putting over 70 million customers at risk for identify theft. Or the Neiman Marcus consumer data breach that affected close to 1.1 million people. Those larger companies are just the ones that we hear about on the news, but they most certainly aren’t the only data breaches that happen. If you don’ think that your business can be the target of a data breach because you are too small, think again. According to Symantec, cyber-attacks on small businesses rose by 300% in 2012 from the previous year. Why? Because small businesses often have weak security measures.
Being a smaller business makes you even more vulnerable.
Small to medium sized companies are often put at risk because cybercriminals know that many of those companies don’t invest in protecting their IT infrastructure and digital information. For those that do, their IT and security is often static and doesn’t evolve and grow with the business as time goes on. Cybercriminals are crazy-smart, and they’re always evolving their methods of accessing data. If your security isn’t up to snuff and is outdated, your risk of being targeted is increasing significantly everyday you don’t identify the vulnerabilities and do something to protect yourself.
Hackers aren’t just looking for banking and credit information.
Just because you don’t share banking and credit information online or via email doesn’t mean you aren’t at risk for having a security breach. Hackers are putting together dossiers on your customers. They are looking for names, phone numbers, email addresses, billing information and any other type of intellectual property they can get their hands on. Once they compile this dossier of data, they sell, and those customers now have a probability of becoming a victim of identity theft. Trying to explain to a customer that their information was compromised by your lack of security is not a conversation that you want to have.
So how you can start protecting your business from being a target?
1.) Have an effective password policy and protocol.
Your company and employees will need to change all passwords at least every 90 days with complex password requirements. These passwords should be between 8-15 characters, have at least one capital letter, one lowercase letter, one number, and one special character. You should avoid the use of names of pets, birthdays, anniversaries, or full words as this is easy information obtained by cyber thieves. You should also not reuse passwords across platforms. It’s all too easy for a hacker to gain access to one password and get into your other platforms with that same password.
2.) Perform monthly maintenance and monitoring of all activity to ensure security updates are properly deployed.
As previously stated, cybercriminals are crazy-smart and are always evolving their methods to target security systems. Your company should perform monthly maintenance and monitoring on your IT Infrastructures to make sure that all security updates are deployed. Failure to do so can expose IT vulnerabilities and exploit your company to security breaches and malware.
3.) Provide quarterly malware training for all of your employees.
Businesses cannot afford to ignore the importance of security training. Your employees are the most vulnerable when it comes to security threats and breaches. Though you may think your employees know how to avoid becoming targets to hackers, they don’t always follow the rules. A few things to include in your malware training include how to identify evolving threats such as phishing, how to protect company intellectual property, how to create smarter passwords, and why they need to be careful with their online actions.
If you are looking for more information about how to protect your business, contact us for an IT evaluation and see what vulnerabilities are exposed. Don’t wait until a data breach happens to take action. If it can happen to large conglomerates that spend millions on security, imagine what can happen to those who don’t.