Hedging Small Business Against Hacking Attacks
Many small business managers underestimate the importance of IT security, thinking that small companies are not as appealing to hackers as large ones. This is a false perception. Small businesses tend to be very attractive to internet criminals, mostly because they pay so little attention to security.
Few small companies employ a professional IT specialist, while pirated software and shady antivirus products are common. Sometimes all the data is simply stored in publicly accessible folders, with remote banking keys kept in the manager's desk drawer. Using smartphones and tablets for business purposes also increases the risk of corporate information leaks.
According to Verizon research, nearly 30% of IT security incidents involve companies with fewer than 100 employees. 10% of the cases led to damage to goodwill caused by leakage of confidential information. The consequences may be severe, resulting in significant business losses and costly equipment recovery.
Establishing decent protection is not as hard as it sounds. There are just a few IT security rules that need to be followed.
First: setting up a firewall against spam and viruses.
According to experts, scumware is the biggest threat to company security. Around 200,000 new scumware versions appear every day. According to Kaspersky Laboratory, 95% of Russian companies have been subject to a hacker attack at least once during the last year. Using mobile devices for unsecured exchange of corporate information is just as dangerous.
To prevent these threats, a company has to stop using pirated software, set up a firewall and a decent antivirus system, and keep both regularly updated. The computer that is used for remote banking must be disconnected from all local networks, and its internet connection must be used for remote banking only. If a mobile device is used for work and/or information storage, it should never be used to browse social networking websites or to connect to public Wi-Fi networks.
Second: securing keys and passwords.
Small and medium business managers often effectively hand their remote banking (RB) and electronic signature keys to fraudsters by keeping them publicly accessible. All of these must be kept in a secure location that nobody else can access.
Third: storing corporate data on a remote server.
Commercial and corporate data is better entrusted to cloud services. This proves to be much more secure than storing it on a computer or a flash drive. All the data in these data centers is encrypted and can only be accessed using electronic keys and digital signatures.
Fourth: restricting information flow among employees.
It is also important to head off internal threats: information security breaches by company employees, whether intended or unintended. This risk can be mitigated by setting access limits that match the powers and responsibilities of each employee. For instance, a sales manager would only have access to the information on his/her own customers, while the full version of the sales database would only be accessible to the sales executive. The chief accountant should only be allowed to work with the accounting reporting, and only the executive manager should have access to the managerial reporting. It is certainly hard to completely separate different functions within a small company, but it is still worth trying to separate the information flows among employees, thus reducing the risk of information leaks.
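The access limits described above can be written down as a deny-by-default policy and used both to filter what each employee sees and to review existing permissions. The following is an added example, not part of the original article; the role names, resource names, sample records and user names are all constructed for illustration.

```python
from dataclasses import dataclass

# Role -> resource -> scope. Names are constructed from the roles in the article.
# Anything not listed is denied (deny by default).
POLICY = {
    "sales_manager":     {"sales_db": "own"},   # only his/her own customers
    "sales_executive":   {"sales_db": "all"},   # full sales database
    "chief_accountant":  {"accounting_reports": "all"},
    "executive_manager": {"managerial_reports": "all"},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str

# Constructed sample records; "owner" is the sales manager responsible.
SALES_DB = [
    {"customer": "Acme Ltd", "owner": "anna", "total": 1200},
    {"customer": "Birch LLC", "owner": "boris", "total": 800},
    {"customer": "Cedar Co", "owner": "anna", "total": 450},
]

def scope_for(user, resource):
    """Return "all", "own", or None (no access) for this user and resource."""
    return POLICY.get(user.role, {}).get(resource)

def read_sales(user):
    """Return only the sales rows the user's role entitles them to see."""
    scope = scope_for(user, "sales_db")
    if scope == "all":
        return list(SALES_DB)
    if scope == "own":
        return [row for row in SALES_DB if row["owner"] == user.name]
    raise PermissionError(f"{user.name} ({user.role}) may not read sales_db")

def excess_grants(users, grants):
    """Access review: list (user, resource) grants the policy does not allow."""
    by_name = {u.name: u for u in users}
    return [(name, res) for name, res in grants
            if name not in by_name or scope_for(by_name[name], res) is None]

if __name__ == "__main__":
    staff = [User("anna", "sales_manager"), User("olga", "chief_accountant")]
    # Constructed export of current folder permissions.
    current = [("anna", "sales_db"), ("anna", "managerial_reports"),
               ("olga", "accounting_reports"), ("temp", "sales_db")]
    print(len(read_sales(staff[0])), "rows visible to anna")
    print("revoke:", excess_grants(staff, current))
```

Running the review against an export of real folder or database permissions shows which grants exceed the written policy, including accounts that no longer belong to any employee.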
The success of any business is highly dependent on keeping corporate information from falling into the hands of unauthorized parties. IT security solutions come much cheaper than the consequences of ignorance.