[BreachExchange] The Growing Cyber Security Risks for Small Businesses and How to Counter Them
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Oct 6 15:45:41 EDT 2017
http://www.selfgrowth.com/articles/the-growing-cyber-
security-risks-for-small-businesses-and-how-to-counter-them
Interactivity and interdependence of devices are increasing with time as
the concept of IoT (internet of things) strengthens with time. While IoT
pursues maximum convenience for individuals and businesses, it has its
associated challenges too. The more intertwined the modern devices become,
the higher the risk of cyber security threats will be. Small, medium or
large, your exposure to serious internet threats does not depend on the
size of your business.If you are a small businesses, you are exposed to
just as many dangers as large enterprises. In fact, the downside for small
businesses is that they are not as prepared as large businesses against
cyber threats.
So, how are cyber security risks are increasing with time and what kind of
risks facing small businesses today? Take a look at the many ways cyber
threats pose a danger to small businesses.
The Ever-increasing Count of Cyber Security Risks
• The BYOD Issue
BYOD (bring your device) is an attribute of IT consumerization. To stay
productive and efficient at the same time, more and more companies are
allowing their employees to use their own devices to access and use
corporate data. An example of this would be a worker using his tablet to
open company's employee-related document repository or an employee
accessing work emails from his smartphone. Unless you have strict policies
and standards set for your BYOD implementation, your business could be at
risk of being infected by malware coming from users' devices.
• Software Update Delays
Do you ever wonder why companies are so adamant at making their users
update to the newest software version? This is because of the older
versions of the same software, application, plugin, etc. are open to risks
of cyber attacks. With small businesses relying on various applications,
web applications and plugins for smooth website operations, database works,
on-premise security, etc. they have to be extra careful at updating them
all. Any non-updated software or application is an open window for internet
thieves to jump into your system.
• Internal Threats
You have to be extra careful when authorizing access to any of your
employees to your network and database. Many of the attacks on big
companies in the past have been allegedly perpetrated by "inside men."
Sometimes the threats from your employees are not intentional but rather
innocent. The authorized person might have access their account and forgot
to log out while leaving the station. Some third person can then take
advantage of the situation and cause damage to the system.
• Sophisticated Phishing Scams
This is a common issue with small businesses as they don’t have strict
protocols for employees to follow before opening emails or social media
links. While phishing scam has been around for a time, the new form of this
scam is called spear phishing. In this type of attack, the scammer sends
email from an address that appears to the receiver as known and acquainted.
This fools the person into clicking on the link and letting a dangerous
malware (a ransomware at worst) enter the system.
• Lack of Cyber Security Knowledge
Sometimes, the problem is not being prepared to face a problem. This is a
common case with many small businesses where owners and caretakers are
under the impressions that cybercriminals won’t attack them—why would they?
They don't realize the top aspect of cybercriminals, i.e., they don't
believe in discrimination. One of the common indicators of lack of
cybersecurity knowledge at a workplace is when employees choose common,
easy and predictable passwords for their entry points to the company’s
system.
What Small Businesses Have to Do to Counter These Threats
• Set Policies with a BYOD Approach
If you want to follow a BYOD approach at your workplace, you better
document policies and regulations about it. Make your employees read these
manuals carefully, so they know what standards and requirements they have
to meet before they bring their own devices into the office. For employees
that have to access your system from remote locations, set up a secure VPN.
• Gives Employees Cyber Security Training
They won’t know unless you tell them, so make cybersecurity-related
training a part of your hiring process. In fact, make internet security
related questions a part of your interviews. Tell your employees to log out
of their accounts and computers while leaving stations. Ask them to have
strong passwords. Facilitate them with applications to not only remember
those passwords but also generate random and difficult passwords. Explain
to them why such measures matter and what the consequences of not complying
with the regulations can be.
• Take Professional IT Help
Go for outsourced managed services or hire your own IT professionals to
take care of the security-related issues. An outsourced service or the
internal IT team will set up a complete system consisting of policies,
hardware and software technologies to not only protect your database from
cyber threats but also respond in time if you get attacked nonetheless.
• Give Authorized Accesses Wisely and Monitor Them
You can give access to sensitive company information and the system to only
a select few employees. When you give them access to the system, grant them
only the permissions according to their roles. Secondly, have a monitoring
system to keep an eye on the activities of these employees. Furthermore,
delete the accounts or change the passwords of accounts that are no longer
in use because the employees they were created for have left the company.
• Choose Third Party Services Wisely
Have proper meetings and consultations before you subscribe to any third
party services. To run a business in today’s digital age, you have to
subscribe to many platforms or applications as services, e.g., cloud CRM.
You want to be sure that you are picking an industry-recognized and
reliable partner. They must have the right security measures taken to
protect not only their system but every bit of information that goes on
their cloud platform from your databases.
Do not forget the security of your website among all this. In addition to
your databases, internal software, applications used by employees, etc. you
want to update your website plugins and applications in time too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171006/e1708900/attachment.html>
More information about the BreachExchange
mailing list