[BreachExchange] Small business owners should take steps to make their systems safe from hackers

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jan 25 20:14:21 EST 2017


http://www.thedailyreporteronline.com/news/2017/01/25/small-
business-owners-should-take-steps-to-make-their-systems-safe-from-hackers/

An industry review of cyber security practices of small and medium sized
businesses found that 55 percent of respondent companies suffered a cyber
attack in the past 12 months.

Half of the 600 IT professionals at those companies admitted their
employers having been the target of data breaches during the same period,
according to the survey commissioned by Keeper, an online
password-protection service and digital vault.

No small business owner can ignore these data, reports online publication
Small Business Trends.

Jeff Charles writes in the piece that it’s easy to think a small business
would never have to deal with cyber security issues, but there are several
reasons why a hacker might go after a small business.

Details about customer payments and employee information are what hackers
are after, experts say.

“This information is as valuable as gold to hackers,” Jeff Charles writes
in the article. “If your system isn’t secure, these hackers could have
access to payment information and Social Security numbers.

“It’s your job to make sure that this information is protected.”

The Council of Better Business Bureaus confirms the notion, reporting that
7.4 percent of small business owners have been defrauded as a result of the
tactic.

Another reason small businesses are targeted is the lack of seriousness
some take the problem.

“They think that they’re too small to get a hacker’s attention,” Charles
continues. “However, this is one of the main reasons why a small business
might get hacked.

“Hackers know that most small business owners don’t invest in cyber
security … because small business owners tend to think they have nothing
worth stealing.”

He offers a number of methods small business operators can employ to stem
digital attacks.

First, cyber security insurance is an option.

“Sure, we all hope that security breaches won’t happen,” Charles says. “But
hope isn’t good enough. You need to make sure your business is covered.”

Cyber liability insurance is designed to protect a business from various
cyber security threats.

For example, If there is a security breach and a given company is held
liable, the company may end up having to pay out amounts well into the tens
of thousands of dollars in a lawsuit.

“This can cripple most small businesses,” he adds. “If you have cyber
liability insurance, you won’t have to worry about this.

“If you buy the right type of insurance, your legal costs will be covered.”

A second tactic small businesses must employ is a password strategy,
consisting of education and accountability.

“If your team isn’t educated, it’s possible that they’re using passwords
that are way too easy to hack,” Charles writes. “You should make sure that
your team members are required to create passwords that include a
combination of uppercase and lowercase letters, along with numbers and
symbols.

Passwords should be updated at least once a month.

Recognizing the inconvenience, Charles says it’s well worth the commitment.

Small companies may want to use virtual data rooms, too. A virtual data
room is an online repository where a company can store data — usually
associated with financial transactions.

Charles says small companies may also want to store other important
information, such as financial information, legal documentation, tax
paperwork and intellectual property information, in a virtual date room.

And, finally, company operators must consider the possibility of internal
threats.

“This may be a surprise, but most of the cyber security issues that happen
are the result of someone inside the company,” Charles says. “It’s not
something most business owners want to think about, but it’s totally true.”

He cites that 55 percent of all cyber attacks come from inside the
organization with the following breakdown:

• 31.5 percent are done by malicious employees; and

• 23.5 percent are done by company insiders who mistakenly leave the
company vulnerable to an attack.

Most small businesses naturally would expect that any attack would come
from outside of the organization, but Charles says there must be nearly
equal consideration of people inside the business.

“Make sure that you are keeping an eye on your authorization requirements,”
he says. “Be careful when you’re deciding which employees should have
access to sensitive data. This will help you prevent ‘internal hacks.’

“Don’t feel guilty for watching your employees’ activities; as the owner of
your business, it’s your duty to ensure that you and your team are being
protected. I get it; you don’t want to micromanage. The key is to find the
balance between being safe and being big brother.”

He writes that the circumstances are different for every company, but a
balance does exist.

“You owe it to yourself, your employees and your customers to make sure
that your business is secure,” Charles concludes. “Preventing cyber attacks
should be one of your top priorities.

“If you take the right steps, you won’t have to worry about endangering
your business.” <http://www.claruspartners.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170125/14a4b9ca/attachment.html>


More information about the BreachExchange mailing list