This is a guest post from professional blogger, Marie Fincher. With a background in marketing, technology, and business intelligence, Marie frequently shares her experience by blogging about data science, BI, new marketing trends, and branding strategies.
Experian. It’s an enormous business enterprise. And yet, the personal data of millions was recently hacked. The IRS. It’s a huge arm of government, and yet it, too, was hacked. And recently, it was reported that Russian hackers got into American power grids and other sensitive infrastructures of the U.S.
If these entities—with supposedly the most up-to-date security measures—can be hacked, what makes any business think itself immune? And yet, business owners and/or IT departments are often hedging their bets that it won’t happen to them. Think they’re too small to matter? Think again.
No business is too small to matter. In fact, smaller businesses are great targets for cyber criminals simply because the criminals know that their security measures are not as strong. They can steal the personal information of customers and clients with ease and quickly sell that information.
In light of this, here are six of the security risks that you must do something about – now.
- Your People
You have dedicated employees who work hard for you. They are not, however, security experts, and they can engage in activity on their work computers that will leave you vulnerable to attack. They access their personal email and social-media accounts while at work, they open phishing emails, and they click on links that turn out to be malware.
You have a few options here, and you need to use them. Your in-house computers should not allow employees to access any of their personal accounts. Block that usage altogether and house all confidential and proprietary data on a virtual public or private network in the cloud. Also, educate and train your employees on the risks and best practices, so they, too, understand the risks that their activity poses.
- Third-Party Companies
The 2013 security breach of Target occurred through a third-party vendor they dealt with, resulting in a breach that cost the retail giant millions of dollars. Whenever a business allows third-party access to its systems, those systems are at risk. Hackers get into those third-party systems and then potentially access yours too—rendering your stringent in-house security protocols worthless.
The answer here lies in network segmentation. Establish dedicated servers that vendors use. Then, they won’t be able to connect to your company’s critical network.
Any accounts that are associated with your business should have strong passwords, and sharing of those passwords must be restricted to a “need to know” basis. Managers and supervisors must not share their passwords with their administrative assistants or, heaven forbid, interns. Furthermore, passwords should be changed at least every 30-60 days.
Two-factor authentication (2FA), with a second factor such as biometrics or facial recognition, should also be considered. It’s just a smart additional layer of security.
- BYOD – a Potential for Great Harm
It’s a common practice. Employees conduct work remotely, from home or out in the field. They bring their devices to work and often use them for company business. But understand this: no matter how secure your in-house protocols are, those devices do not have the same level of security.
Businesses must consider this threat as a serious one – the convenience for employees is great, but there have to be very strict policies in place regarding their use and access to company networks. Those policies must include allowing access only through a VPN and 2FA protocol.
Joyce Culverson, IT manager for the online writing service, Trust My Paper, speaks from experience: “We have clients who expect their personal information to be held in the strictest confidence. And we have writers who work remotely with those clients, through our system, on their own devices. Our vulnerability was painfully obvious. Moving to a VPN and using a 2FA protocol as writers accessed our systems was a critical piece in our security policies. Thus far, it has worked.”
- Management of Patches
This is a fundamental strategy: software updates are rather continual and, frankly, critical. This was underlined when businesses failed to download a patch for the Windows OS that protected against an attack known as EternalBlue. Without the update, businesses were attacked with ransomware through no fault of their users. This particular breach, known as WannaCry, hit the healthcare industry hard, and we can only imagine how much personal information was held hostage as a result.
IT departments worry about patches, specifically that downloading them may impact other parts of their systems. Still, which is the greater evil?
Tie Up These Five Loose Ends
No business can consider itself too small to be a target of cyber-attacks. In fact, the smaller the business, the more it can become a target. Only the huge breaches are made public, but many more smaller businesses have become victims. These five threats should be taken seriously and dealt with.
You can read more of Marie's insights at her blog, here.