[BreachExchange] 4 HUGE Misconceptions About Business IT Security
Audrey McNeil
audrey at riskbasedsecurity.com
Thu May 26 19:11:45 EDT 2016
http://www.smartdatacollective.com/kyle-cebull/412709/4-huge-misconceptions-about-business-it-security
When it comes to IT security, many business owners think that hackers are
only targeting large businesses. We see things like the Target and Home
Depot breach in the media and we think they’re the only ones having trouble
with hackers. But the fact of the matter is that more and more, hackers are
turning to small businesses to try to cash in. From ransomware and phishing
for your credentials, the risk is real for business owners that are trying
to protect their data. Rather than making assumptions and using old
knowledge to guide your IT security strategy, it’s time to challenge what
you thought you knew. Here are a few huge misconceptions about business IT
security:
1. Thinking you aren’t the target.
This is probably the most dangerous assumption to make, because it gives
you an excuse to put things on the back burner and delay your IT security
improvements. The fact of the matter is it’s not just the big guys that
hackers are targeting. In fact, in recent years, hackers have gotten wiser
to the fact that big businesses are investing millions into security, while
small businesses aren’t doing that. While these stats come from a study
completed in the UK, we have to imagine that we have similar issues in the
US: 74% of small businesses reported a security breach in 2015.
Cryptolocker and ransomware are becoming massive opportunities for hackers
to encrypt your network and demand thousands (sometimes hundreds of
thousands) for access back into your data. Don’t make the incorrect
assumption that small businesses aren’t the target, because they absolutely
are - and the faster you get over that assumption, the faster you can
protect your livelihood.
2. Underestimating the value of your data to a hacker.
Never underestimate the value of the data that you hold. Hackers understand
that that data means a lot to you and that you’ve paid employees to work
countless hours to compile it. If you’re a consumer business storing
customer financial information, there’s an entire marketplace where hackers
sell identity and credit card information. Something as small as access
into an e-mail account for $10, and a Facebook account for $20. These
hackers are making a living selling you and your customers information on
eBay. You need to understand that this is real and your data has a value.
Protect it, even on the personal level, like you believe that.
3. Underestimating the importance of the basics.
Windows updates, antivirus updates… you NEED to install these things. If
you have Managed Antivirus you probably already have your network
administrator or Managed Services Provider doing this for you, but if not
you need to be sure that you are constantly updating. These updates are
usually fixing security holes that have been exploited by hackers. When you
click ignore you’re aren’t closing those holes and you’re leaving your
network open to hackers.
4. Thinking Macs are impervious to infection.
Yes, it’s true that 95% of viruses are written for Windows and not Mac, but
you have to understand that number used to be 99.99999%. Now, more and more
apple products are finding their ways into hands of consumers and
businesses, which means that more and more hackers are going to be turning
their attention towards exploiting the security holes in those platforms.
You know what they say happens when you assume, right? Your network gets
taken down by a garage hacker, you get cryptolocker, you lose all your data
and you end up really sad. Okay, maybe not that bad (as long as you have a
good business continuity solution in place), but don’t underestimate the
importance of a really secure network. Managed antivirus, an updated
firewall and router, and savvy employees are just the beginning. If you
even have the tiniest doubt about the security of your network, bring in an
IT security professional to check things out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160526/72cfbed8/attachment.html>
More information about the BreachExchange
mailing list