4 ways SMBs can fend off IT security threats

Small and mid-sized business (SMB) owners may have misconceptions that leave them vulnerable to attacks, data loss and service disruptions.

Shielded by little more than a firewall and a false notion that they are too small for hackers to target, many SMBs don’t take the steps needed to adequately protect themselves. If you don’t take the necessary precautions to secure your network, then it’s not a question of if you will be breached, but when you will be breached.

However, knowledge and expert help can deflect cyber-threats. Here are four keys to preventing a security breach on your network:

1.      Don’t be low-hanging fruit

You might be a small business, but cybercrime is big business. It’s growing and well organized. News of attacks on huge companies like Sony or Google, which make substantial security investments, only illustrate the capabilities of today’s hacker. If a business stores customer or financial information online —or even works with a partner who does—it can be a lucrative target. Cybercriminals methodically test to find weak links. If the reward for breaching an SMB’s defenses is higher than the risk and challenge posed, it becomes an easy target.

2.      An ounce of prevention is worth a pound of cure

Businesses often learn of their security vulnerability only once they are exploited. Worse, today’s hackers are focused on hiding—sitting insidiously on the network to continually reap ill-gotten gains.  Securing a network before it is compromised is considerably less expensive than later securing it, rebuilding reputations and paying fines or lawsuits. Such costs can force an SMB to close its doors, and no one wants to be the poster child for bad security.

3.      New technology = new risks

New technology options, like social networking, introduce new attack vectors for cyber-threats. Criminals can use social networks to learn key facts about individuals for con artist-like social engineering to gain greater access. In addition, those pesky social network applications create a new window for possible malicious access into the network. Employees can also accidently share information that competitors, the public and even criminals might ordinarily not have access to.

The bring your own device (BYOD) trend can provide advantages in terms of cost savings, allowing employees to use their own (or company-subsidized) smartphones, tablets and laptops. Still, they increase the surface area from which cyber-criminals can attack, and many existing security solutions do not protect new devices. Since these devices perform double duty as work and personal devices and may have multiple users, it’s challenging to enforce corporate security policies. Plus, IT departments may find it difficult to secure devices from multiple vendors, in comparison to securing a standardized corporate device.

Another security issue with smart devices is that they have the ability to store data on the device. Since these devices are more susceptible to being lost or stolen, you must put the appropriate safeguards in place (i.e. encryption, multi-factor authentication, remote wipe, etc.). Otherwise, a lost or stolen device can result in a cybercriminal gaining physical access to confidential data. It’s important to consider all of these BYOD security challenges before letting employees use their iPads for business.

4.      Mind your P’s

Good security isn’t just about having technology in place. Good security is a three-legged stool balanced on people, processes and technology. Employees must be trained to act correctly and safely, and policies must be put in place to reinforce the actions that comply with the company’s security needs, compliance requirements and customer expectations. Take away any one of these, and everything collapses.