Hardly a week goes by without news of yet another big online security breach that has put a well-known company and its customers at risk from malicious hackers out to steal identities, pilfer corporate secrets, or install malware or viruses. Recent victims include such household names as Target, Sony, Chase Bank, and even noted makeup chain, Sally’s Beauty Supply. In each case, perpetrators compromised the companies’ data banks and got away with valuable information that not only caused the firms great embarrassment, but opened them to legal liability as well.
You may think that as a small business you are somehow immune to these online attacks. After all, you’re just a small fish in a huge pond, while high-profile companies like Target and Chase offer much more tempting possibilities for online thieves. You would be wrong.
Hackers and other malicious online predators are finding that it’s the smaller businesses, not the larger ones that are the easiest to rip off. The reason is simple: Smaller companies have a lot fewer resources and know-how to identify and combat dangerous internet security risks. Smaller companies frequently do not even have an IT department or money allocated (or money to spare) for security. Thieves have come to recognize this fact and are realizing there are many smaller, yet still profitable doors being left unlocked for them. So while the high-profile cases with thousands of victims have been garnering media attention, it would be a mistake to assume that (because your customer base is nowhere near the size of the nation’s largest banks or biggest retailers) you may not be a target of an anonymous predator out to do you serious harm.
As a small business, you have certainly found technology has been a great friend in helping you accomplish more with less. Convenient time and labor saving technology such as laptop computers, tablets, smartphones, wireless and mobile devices have certainly empowered every small business to make great strides in productivity undreamed of just 20 years ago. But these same devices put you at risk if not handled properly. One lost or stolen laptop or smartphone, placed in the wrong hands, could sink your entire operation in mere moments.
The risks jump even higher when firms allow employees to use their personal devices, rather than company-issued ones, to connect with their online network. In 2014, a survey released by Kaspersky Lab found that 62 percent of companies now permitted their employees to use their own personal devices to conduct their work. Frequently these personal devices are not equipped with sophisticated security measures beyond the standard off-the-shelf security that comes with the device when purchased. And you can be sure hackers are well aware of how to defeat these standard measures.
As a result, recognizing both the convenience of working via mobile devices and the risk, several companies are now starting to restrict the use of personal smartphones, laptops and tablets to do company-related work. Instead, they are giving employees company-issued devices that incorporate additional security measures designed specifically to encrypt data and make it harder to steal vital information. The idea is, as described by Marc Malizia, chief technology officer of RKON Technologies, to move from “managing mobility to securing mobility.” If your company allows employees to use personal devices to connect to your network, additional security and encryption could prove a wise investment that might save considerable heartache later.
In addition to risks from mobile devices, wireless networks also leave small businesses open to potential online hacking threats. Experts advise that when setting up a wireless network, be sure to change the default password and encrypt the network with Wi-Fi Protected Access (WPA).
An old, yet surprisingly still effective online security threat comes from phishing attacks – emails that appear to be from genuine senders but that in fact are from malicious hackers and that contain viruses or malware designed to disable your system. While most people are now generally aware not to open emails from unknown sources, hackers have become sophisticated enough to make their phishing emails look as though they have come from legitimate senders, such as a coworker or customer. Firewalls and anti-virus programs can provide protection and should be installed on any network.
Finally, one of the biggest and yet most overlooked threats comes from the most familiar of places: current or former employees. A current employee or a terminated one out for revenge can wreak as much, if not more, damage than the most malicious outsider. To combat this threat, experts advise wherever possible to split up duties and responsibilities between employees to ensure no one person has complete access to your vital information.
There are lots of companies that specialize in online security and helping small businesses stave off risks. The costs to properly protect your information and your customers may seem daunting at first, but when compared with the price of having that data stolen and facing the consequences of lost trust and potential lawsuits, it’s a small expense to pay.