Small businesses are the perfect target for cyber-attacks.
Why? Small businesses' IT components often lack the sophisticated security tools used by larger firms to protect proprietary and customer information. Data thieves know these security vulnerabilities exist. Owners should know about them, too.
If you suspect your data-security efforts are lagging behind the times, it's never a bad idea to assess whether you need to improve your company's defensive profile. And even if you think you're up-to-speed, you should take a second look.
Based on a new report from TrendMicro, let's look at five ways to shore up small business from the IT side, even on a limited budget.
Cyber-crime: What Every Small Business Should Know
There were some 27 million small and medium-sized businesses operating in America in 2011. If you're in charge of keeping one of those businesses secure, here's a shortlist of facts and strategies that you'll want on hand.
1. Learn the trends and stay up-to-date. Cyber-criminals know enough about businesses to tap into the everyday dealings of SMBs. As the IT figurehead, your first step is to get informed and keep everyone else on alert to the kind of exploitation at work. Some common things to look out for:
- Phishing campaigns can appear as tax-related messages, using the names and lookalike designs of legitimate government agency e-mails.
- Other efforts to mimic legitimate requests from services and applications that the company already uses.
- Company computers need to be scanned for bots frequently. This malicious software typically arrives inside an e-mailed file. They then infiltrate the computer in question, allowing cyber-criminals to control the device without tipping off employees and customers.
You can stay further informed via government websites, such as the FBI's, where press releases are posted about new threats.
2. Set BYOD policies and push for a cloud-security budget. The small-business cloud market is valued at more than $8.6 billion, giant according to Information Week. Chances are, your company stores its data there as well. Yet, a recent IDC report showed that only 19% of small businesses polled expected to increase spending on security management in the cloud. As the IT defender at your SMB, you want to lobby to enhance and increase your cloud security. This is not only about budget, but also about creating and implementing a bring-your-own-device policy for employees who use their smartphones and tablets to tap into the cloud during work.
3. Stay aware of banking protocols. Survey data from Visa Inc. and the National Cyber Security Alliance tells us that 85% of small-business owners think that, because they're small, they're safe from data thieves and hackers — the assumption being that cyber-criminals only want to steal from multinational giants. The truth? More than $1 billion dollars were stolen from small businesses' bank accounts in 2011, largely the result of compromised passwords.
The takeaway: set a strict policy surrounding your company's banking protocols, and then enforce it.
4. Know your contingency plan. Data loss doesn't have to mean compromised bank passwords: account information and credit card numbers comprise only about 25% of the personal information stolen by cyber-thieves, according to DataLossDB. The rest consists of customer names, postal and e-mail addresses, dates of birth, social security numbers, and other details that can lead to larger losses for the individual. So, build a contingency plan before you suffer a breach. Lay out the steps your company will take — from notification to damage control — should customer data be stolen.
5. Emphasize the cost of a loss. Each year, the typical multinational organization spends some $3.5 million to secure its information. The main reason? The costs of a data breach — from lost productivity (and lost customers) to legal consequences — far outweigh the expense of locking down valuable data. The equation works, on a smaller scale, for small businesses, too. Cyber-criminals can cripple a company with one well-placed hit. You may not have millions in your budget, but you still need to advocate for the resources that will prevent the larger costs incurred by thieves exploiting your systems.
More than half of small-business owners (54%) are confident that they already do enough to protect the data that they possess. Maybe that's true of your company, but it might not be. Use these tips to evaluate whether your small business is actually hitting all its security marks, and then make changes to shore up your infrastructure against data thieves.