In the wake of all of the breaches that we read about on an almost daily basis, large companies have begun to take the cybersecurity threat seriously. While they are far from perfect, far from secure, they are way more secure than they were even 5 years ago.
What that means is that big businesses are harder to attack. The hackers understand this so they are moving on to the small and medium size businesses. While these businesses don’t have as many records to steal, they do have some things that make them attractive to crooks. While this list is a generalization, it applies in most cases:
- They typically do not have an in house cyber security staff
- They often don’t even have in house IT
- They do not have sophisticated security logging solutions
- They almost never have a security alerting system
- And, many times, they are vendors to bigger companies – an easy way in to those larger companies.
The Target breach started with a small HVAC (refrigeration) repair vendor outside of Pittsburgh. The Home Depot breach started with a small vendor that provides credit card machines at self checkout lanes in some Home Depot stores. Those businesses had been compromised for months while the hackers waited for the right moment.
Given that, what can or should small businesses do?
The first thing is to understand that they are not immune from attack. While we don’t have good statistics, numbers seem to indicate that more than a third of attacks hit small businesses.
While Target can afford to spend $200 million and 3 years to recover, small businesses are in trouble if they have to spend even one million dollars.
Some of the measures that you can take to reduce your risk include:
Train your employees
People are a major cause of breaches. Clicking on a malicious link, opening an infected email, connecting to malicious WiFi can all be the start of a breach. If employees use their personal phone or computer to access company resources then training needs to include that as well.
Pick good/strong passwords
The two most common passwords in many breaches are password and 123456. Needless to say, those are not good choices.
Use Two Factor Authentication
Using two factor authentication like a one time text message code, makes stealing passwords almost useless. It may take 10 seconds longer to log in, but it also may keep the bad guys out.
Don’t Forget About Paper – Shred it
There is still lots of paper and paper with sensitive info. Shred it before disposing of it.
Buy Data Breach Insurance
Even today, data breach insurance is relatively affordable. It is way more affordable than writing a check for even $50,000, never mind writing a check for a million. Since data breach insurance varies from policy to policy, it is important to make sure that you get the right coverage, too.
These are just some suggestions, Most of them don’t cost very much. Make it harder for the bad guys.
Contact us for more recommendations.
Information for this post came from Newsblaze.