We have all heard the story of the hacker "taking down" a corporate network, maybe stealing corporate data or even someone's personal information. The millions of dollars lost, the credit card numbers now publicly available, or even private photos stolen and now not so private.
What we don't often hear is of hackers targeting small to medium-sized businesses. The sector, in fact, is under serious threat. Verizon's 2011 Data Breach Investigations Report indicates that the small to medium businesses have become the main target for hackers. This is clearly linked to the lack of security investment made by smaller companies that has created an environment where there is relatively low risk for hackers compared to targeting major corporations.
What does it cost?
According to Symantec's SMB Information Protection Survey, the average cost of cyber attacks for a small to medium business is $188,242. This number is especially daunting since smaller companies are typically not insured against cyber theft or hacking (usually covered by a cyber insurance endorsement). Clearly, most small businesses simply cannot afford to take the risk of a hacking incident.
Why does this happen?
Small businesses maintain valuable employee, customer, and industry data just like large businesses. Because small businesses often fail to adequately protect their networks, hackers can automate the hacking process and steal valuable data easily. Additionally, small businesses often don't notice hacking activity until it is too late - which allows for hackers to breach networks and steal data without detection.
Advice:
1. Implement a firewall appliance in business office and home offices. Also, install a software firewall on all machines used on public networks (coffee shops for example). Simply put, a good firewall is a barrier that keeps hackers out.
2. Develop a corporate security policy. This policy should include password protections including creating complex passwords and changing passwords at least every 90 days. Additionally, the policy should direct employees to safely use the internet and network resources provided them by the company. Consequences for violating this policy should be also included.
3. Install and maintain anti-virus software that automatically updates, scans and protects all computers. Employees should be educated about viruses and discouraged from opening emails with suspicious attachments or from unknown senders.
4. Keep operating systems up to date each month. Microsoft releases patches and updates on the second Tuesday of each month and updates should be installed shortly after on each computer. Additionally, ask your IT Service Provider to check updates on your server(s), network equipment and PCs regularly.
5. Implement email security. Outsourcing email security to a known email security provider will allow emails to be cleaned prior to ever reaching business networks. This will cut down on maintenance costs and threats. Additionally, ensure that the company antivirus product chosen integrates with your email application.
6. Update your insurance policy. Small businesses should ask their insurance agent to add a cyber insurance endorsement to their business insurance policy. This will alleviate the cost of breach notices, damages and possible litigation.
Joe Mikitish
SEN Technologies
http://www.sentechnologies.com