Top Security Risks to Your Small Business
Original Article Courtesy of The Hartford, Small Biz Ahead
Target’s 2013 data breach cost the company $250 million in damages after hackers managed to steal around 40 million customers’ credit and debit card numbers. But the true overall cost can be hard to measure when you consider the bad press, the drop in productivity caused by internal mayhem during the crisis, and the dip in consumer confidence, all of which likely contributed to Target’s swift drop in profit following the breach.
And if this happened to Target, which employed a full cybersecurity team, it can easily happen to small-medium businesses (SMB) with minimal or nonexistent cybersecurity budgets.
So, how can your small business protect itself when you can’t afford a “Cyber Fusion security center?”
It starts with identifying why small businesses are so often targeted, the common mistakes small businesses make, and the most common cyber attacks on small businesses.
Why Small Businesses Are Hackers’ Favorite Targets
When it comes to poaching data, hackers tend to focus on easy prey: small businesses. Why? They often lack strong security measures and standards. Likely due to their leaner teams and many hats, most small business owners don’t make it a priority to:
- Regularly monitor server networks and data
- Invest in an IT specialist
- Ensure that they only operate on secure Wi-Fi
- Learn about and train their employees on cybersecurity best practices
This may seem understandable, since many small business owners have a lot on their plate and tend to assume that getting hacked just won’t happen to them. But helping ensure data security is essential for small businesses. Most simply can’t afford to absorb the astronomical cost of a data breach in the way that a large enterprise like Target can. In fact, it’s reported that 60% of small businesses that suffer data theft close their doors within six months.
Three Common Security Mistakes Small Business Owners Make
Avoid these common mistakes to keep your business’s data safe.
1. Using Poor Password Standards
This is one of the top security mistakes small business owners make. Don’t be lazy about your password standards if you’d rather not join the ranks of small businesses that get hacked. The following password standards don’t yield strong enough passwords to withstand a password attack:
- Less than eight characters
- A lack of various letter cases, numbers, and special symbols
- Allowing the use of one password for multiple platforms and applications
And that’s just when it comes to the content of the passwords themselves. You also should regularly change all passwords and consider using two-factor authentication (where more than a user name plus password is required), for added security.
FBI Recommended Passwords – Instead of using a short, complex password that is hard to remember, consider using a longer passphrase.” (use link to learn more)
2. Lacking a Clear BOYD (Bring Your Own Device) Policy
Allowing employees to use their own electronic and mobile devices does have benefits. They’re comfortable using them, so they’re more efficient and productive, and it likely saves you overhead cost.
But, if your BYOD policy doesn’t include guidelines around software updates, IT support, encrypted data options, or when and where employee-owned devices can be used for work—and especially if your BYOD policy just plain doesn’t exist—then you leave your business wide open to data breaches.
Further Reading – Work-from-Home Response a Boon for Cybercriminal Exploitation
3. Trusting Public Wi-Fi
While waiting for a client at your local coffee shop, it’s tempting to hop onto the free Wi-Fi and get some work done, but be wary. Hackers often set up their own Wi-Fi hotspots, giving them sneaky names similar to where they are (for example, Pete’s Coffee – Guest). When unwitting Wi-Fi users join these poser networks, hackers can easily gain access to their devices. And, even if you do land on the right network, public Wi-Fi offers little to no real security from savvy hackers.
Four Common Cyber Attacks on Small Businesses
Did you know that during any given second, 3.5 new cybersecurity threats arise? Small businesses are often the target. Here are the most common types of attacks on small businesses.
Malware is a broad term for malicious software that’s designed to gain access or cause damage to a device, typically with the purpose of stealing data such as personal information and credit card numbers. There are several types of malware small business owners should know about: adware, spyware, and Trojan horses.
2. Password Attacks
When a hacker learns your password(s), they gain access to all your information. Hackers can get an unknowing user’s password in several ways, including “brute force attacks” during which specially designed programs generate and try every possible combination of letters, symbols, and numbers. Using a 10-character password of upper and lowercase letters can slow down these programs, since it can take more than 100 years to land on the right one, so consider using longer, more complex passwords.
Hackers use this technique to trick people into willingly handing over their information, from passwords, to credit card numbers, to Social Security numbers. Typically, hackers pose as a reputable source via email or text, asking their victim to follow a link and, for a seemingly important reason, provide key information. While these types of attacks are often digital, phone phishing scams also are possible.
While pharming, hackers compromise the naming system in a server so they can make users think they’re accessing legitimate sites when they’re actually being redirected to fraudulent ones. Once on the fraudulent site, users are prompted to provide sensitive data such as credit card information or Social Security numbers.
Further Reading – 17 Types of Cyber Attacks
Help protect yourself, your employees, and your business by discussing these security risks with your IT Partner. Additionally, you can develop best practices for preventing data breaches—including effective security policies and employee training programs.
Helping Your Business Grow