Global professional services firm Ernst & Young have produced an annual global information security survey for the last 16 years. The most recent states in the introduction, “…cyber attacks are no longer a matter of if, but when.” To small businesses and startups who often can’t stretch to IT departments and security specialists this may sound a little distressing. Your systems may contain employee details (such as bank details and social security numbers) and customer information (names, addresses, credit card details) and as such needs protection. The most common current cyber threats factors are:
Bring Your Own Device (BYOD).
The trend for mobile use and allowing employees to use their own devices in the workplace gives rise to an exaggerated level of risk, with downloaded data being stored on a variety of often unsecured smartphones and tablets.
Apps are where it’s at and particularly in a small business with a BYOD policy the efficiencies come from having people using the right time-saving applications. However, this means you have a constant flow of information to and from the internet and the cloud. Ask yourself how secure your file-sharing and cloud storage actually is.
Then there is the deliberate and malicious professional. The thief who will steal your data and/or your hardware and use it to siphon of money through fake payroll runs, artificial banking transactions or dubious lines of credit.
So, what to do about the situation – how do you protect your business, customers and employees against cyber attacks against the company’s systems?
Educate your employees.
Given that a recent report found that 27% of internal security breaches were simply errors or mistakes on the part of employees, the best cure if prevention. Have an information security policy and ensure your people understand it – they should be aware of online and offline risk actions and know how to avoid them.
Make sure that your system is up to date with the latest antivirus and antimalware applications. Malicious software can come via your wi-fi connection or simply through someone innocently opening an email attachment. Include mobile devices in your antivirus program. Companies such as AVG, Norton, McAfee and Kaspersky all offer entry level or free software protection for desktop and mobile devices.
Any information transmitted via the internet should be encrypted in case of interception. However, data that you store ‘long-term’ should be protected likewise as it’s exactly this type of ‘on-the-shelf’ data (such as account, social security, and credit card numbers that hackers target.
A significant external threat is the burglary of company premises, targeting servers, mobile devices and computers which, of course, contain the desirable data. Simply using Kensington locks on laptops can off-putting to the intruder who is wary of taking the extra few minutes needed to circumvent them. Likewise rack-mounting hardware and locking the server room can create a more secure environment. Also, the use of tracking software can ensure that if hardware does go missing – such as mobile devices lost or stolen in the field – you can locate and secure the item remotely.
Secure your wi-fi.
An unlocked (or ill-protected) wireless network is an open door to hackers looking for sensitive information on your system. If you don’t need wi-fi then don’t have it. If you do, then disable the function that broadcasts its presence to anyone with an antenna.
A survey from security software firm Symantec said that cyber attacks on small and medium-size businesses have an average cost of $188,242 (and within six months of the attack, many of the victims have been forced out of business). Bearing this in mind, examining your security measures for possible holes seems a wise precaution. The 2015 figures are even more starling. According to a new report by Hewlett Packard and the U.S.-based Ponemon Institute of Cyber Crime, hacking attacks cost the average American firm $15.4 million per year, double the global average of $7.7 million. Cyber threats are clearly a credible threat to most small businesses.