Small and mid-sized business (SMB) owners may have misconceptions that leave them vulnerable to attacks, data loss and service disruptions.
Shielded by little more than a firewall and a false notion that they are too small for hackers to target, many SMBs don’t take the steps needed to adequately protect themselves. If you don’t take the necessary precautions to secure your network, then it’s not a question of if you will be breached, but when you will be breached.
However, knowledge and expert help can deflect cyber-threats. Here are four keys to preventing a security breach on your network:
1. Don’t be low-hanging fruit
You might be a small business, but cybercrime is big business. It’s growing and well organized. News of attacks on huge companies like Sony or Google, which make substantial security investments, only illustrates the capabilities of today’s hacker. If a business stores customer or financial information online—or even works with a partner who does—it can be a lucrative target. Cybercriminals methodically test to find weak links. If the reward for breaching an SMB’s defenses is higher than the risk and challenge posed, it becomes an easy target.
2. An ounce of prevention is worth a pound of cure
Businesses often learn of their security vulnerability only once they are exploited. Worse, today’s hackers are focused on hiding—sitting insidiously on the network to continually reap ill-gotten gains. Securing a network before it is compromised is considerably less expensive than later securing it, rebuilding reputations and paying fines or lawsuits. Such costs can force an SMB to close its doors, and no one wants to be the poster child for bad security.
3. New technology = new risks
New technology options, like social networking, introduce new attack vectors for cyber-threats. Criminals can use social networks to learn key facts about individuals for con artist-like social engineering to gain greater access. In addition, those pesky social network applications create a new window for possible malicious access into the network. Employees can also accidentally share information that competitors, the public and even criminals might ordinarily not have access to.
The bring your own device (BYOD) trend can provide advantages in terms of cost savings, allowing employees to use their own (or company-subsidized) smartphones, tablets and laptops. Still, these devices increase the surface area from which cyber-criminals can attack, and many existing security solutions do not protect new devices. Since these devices perform double duty as work and personal devices and may have multiple users, it’s challenging to enforce corporate security policies. Plus, IT departments may find it difficult to secure devices from multiple vendors, in comparison to securing a standardized corporate device.
Another security issue with smart devices is that they can store data locally. Since these devices are more susceptible to being lost or stolen, you must put the appropriate safeguards in place (e.g., encryption, multi-factor authentication, remote wipe). Otherwise, a lost or stolen device can result in a cybercriminal gaining physical access to confidential data. It’s important to consider all of these BYOD security challenges before letting employees use their iPads for business.
4. Mind your P’s
Good security isn’t just about having technology in place. Good security is a three-legged stool balanced on people, processes and technology. Employees must be trained to act correctly and safely, and policies must be put in place to reinforce the actions that comply with the company’s security needs, compliance requirements and customer expectations. Take away any one of these, and everything collapses.
Defending against these “attack vectors” is a daunting task for even the largest businesses. Monitoring security 24/7/365, as needed today, requires a minimum staff of five hard-to-come-by security experts, and many SMBs have only one IT resource who manages everything.
An answer to this problem is reaching out to a managed security service provider (MSSP) for help. Industry analysts have recently recognized the valuable role MSSPs play in keeping businesses secure. Look for an MSSP who is recognized as a leader in its industry and offers proven expertise in securing both its own communications network and those of its customers.
It is interesting to watch the debate around SMBs; there has been concern over which methods of security are best suited to add additional layers of security and authentication for account access and transaction verification without being unreasonably expensive or complex. I’ve noticed that leading companies in their respective verticals are offering a form of two-factor authentication, thus giving users the perfect balance between security and user experience by challenging the customer to telesign into an account or to confirm a transaction. This should be a prerequisite to any system that wants to promote itself as being secure.