Wednesday, April 23, 2014

5:52 AM

Is Your Small Business an Easy Target for Hackers


Cyber security threats are everywhere, a new exploit hits the net every few minutes. Small businesses are a popular target for attackers because they have fewer resources to invest in protection, and more to lose from infiltration. Is your network vulnerable? This quick guide will identify three of the most common and most easily remedied security oversights.


Common Oversights and Vulnerabilities

Awareness is your most powerful weapon in the fight for better data security. Examine and manage your risk level, beginning with the following three code-red security vulnerabilities:

Outdated Software

There is no such thing as inherently secure software. New vulnerabilities appear every day. Software developers stay on top of these vulnerabilities and release periodic updates to fix them, and these updates are incredibly effective when deployed correctly. The problem is that updates are time sensitive: wait too long and a hacker could reverse-engineer the threat and beat you to the punch.

In addition to being time sensitive, they can also be time consuming to collect, test, and deploy – especially over a network of computers with varied configurations and software packages. Your update management policy needs to include every piece of software, every driver, and every plug-in. Uninstall the old legacy utilities you no longer need, and download batch software to manage updates for the rest.

Unsecured Data
Businesses that don't have a written data management policy tend to "lose" important documents along the way, from files saved to the wrong location to the contents of entire accounts left behind by previous employees. It is extremely important to draft a plan to determine which types of data you need to keep, where to keep it, and who can access it.

Implementing strict end-user access policies are important but they cannot do the job on their own. Your employees need to have stellar passwords (lowercase, uppercase, numbers, and symbols together in one password) to dissuade brute force attackers. Your business will also need the standard combination of firewall, virus scanner, and encryption software to block outside access.

Social Engineering

The oldest trick in the book is still the most potent threat to small businesses. Social engineering – otherwise known as "smooth talking" is the art of using simple deception or impersonation to obtain restricted information. Nigerian email scams were some of the first well-known cyber security threats, but those tactics have grown more advanced: hackers can now spoof the credentials of banks, service providers, and other businesses.

Training employees to detect and counteract these threats is particularly difficult because there are no hard and fast rules that can prevent these types of frauds. Hackers can spoof entire websites to make them look just like the original, and many malware infections utilize redirection techniques make employees think they have reached the correct page. Some brazen hackers even use direct phone calls to gather the information they need.

The Quest for Better Cyber Security

Security begins with awareness. This guide already mentioned a little bit about training employees to avoid potential social engineering attacks, but they are your first line of protection against all forms of data breach – usually the employees are the first ones to notice that a system feature has broken or if a webpage is acting strange, or if their data is missing or corrupted. Encourage employees to take a proactive stance and report any issues that arise.

Of course, it all comes back to the issue of funding: small businesses that cannot afford an IT team are going to have a difficult time deploying the necessary security software and data protection protocols. So utilize all the free resources you can: software development firms are often happy to assist their customers with deployment issues, your local chamber of commerce might have resources to provide, or you could hire a consultant to help you create an actionable plan that fits your budget.

Your business cannot afford to skip out on cyber security – data breaches can end business relationships, scare away customers in droves, can result in stiff fines and penalties, and the cost of cleanup is nothing to shrug off either. Put an emphasis on data security before information thieves set their sights on your customers, clients, partners, and employees.