The news is full of stories about the hacking into large companies: Burger King, Jeep, The New York Times, and even supposedly adept tech companies such as Apple, Twitter, Facebook, and Microsoft. Unfortunately, hacking isn’t just for the big boys — small businesses are facing an unprecedented threat of cyberattacks.
According to a study by security software company, Symantec, 36 percent of all targeted attacks recently have been made against businesses with fewer than 250 employees. This problem is made worse by the fact that, according to the National Cyber Security Alliance 83 percent of small businesses have no formal cyber security plan and 69 percent have no plan at all. This makes small businesses easy pickings for scam artists (the only criminals we refer to as artists) who can steal critical data from companies from safe havens anywhere in the world. The failure of small companies to protect their online banking information is rapidly becoming an epidemic.
So what should small businesses be doing to protect themselves? Here is a short list of helpful steps:
- Make a real commitment to data security awareness. Engage the assistance of professional security people. It is cost effective particularly when compared to the cost of a security breach where, unlike private consumers who have their bank account hacked, commercial accounts are not protected by federal regulations. Companies have not generally been reimbursed for funds stolen due to a security breaches traced to the commercial business.
- Install proper Firewalls.
- Install security software and keep it constantly updated to meet the latest evolving threats. Identity thieves exploit the fact that some companies fail to update their security software in a timely fashion.
- Train your employees in proper security practices and limit access by employees to sensitive data to only those employees who need to have such access. A major source of data breaches in large and small companies alike still occurs when employees unwittingly download keystroke logging programs that can read and steal all of the information on a business’s computers. Often these keystroke logging malware programs are unwittingly downloaded by employees surfing the Internet for pornography or video games. In fact, 40 percent of all free pornography is viewed at work on company computers; identity thieves are aware of and exploit this fact.
- Encrypt all data, particularly on laptops and portable devices that may leave the workplace.
- Do not permit unauthorized devices to be plugged into office computers or laptops, such as MP3 players, smart phones or USB keys. They can be tainted and download malware on to the company’s computers.
- Maintain and regularly change complex passwords, remembering that this step although helpful is of little benefit if you have downloaded a keystroke logging malware program.
- Make sure that when you replace computers and other electronic devices that the hard drives and data are obliterated.
- Shred with a cross shredder all discarded documents containing sensitive information; dumpster diving identity thieves turn your trash into their gold.
It is important to remember that things are not as bad as you think — they are much worse. But by taking some basic precautions, you can go a long way toward protecting your business from a cyberattack.
Steven J .J. Weisman is a senior lecturer of Law, Tax and Financial Planning at Bentley University. His Scamicide blog contains the latest information on identity theft and scams.