It’s unfortunate that even a simple breach of security can cause significant damage to a growing business, but it’s a reality you have to prepare for. Cyber security is a topic that needs to be taken seriously, even in small businesses, but all too often it takes a back seat as a low priority. Large corporations have the resources to invest heavily in cyber security (sometimes recruiting their own in-house teams), and the vested interest of having millions of dollars of resources to protect. Small businesses, on the other hand, have a lower risk of being the victim of an attack and fewer resources to allocate to IT security.
Nevertheless, there are simple, basic steps that every business needs to take to protect its information. Neglecting even one of those steps could open a door to any hacker with enough time on his hands to go through with an attack. Don’t let yourself ignore these five important cyber security risks:
Most “hacking” attempts don’t involve some techno-genius with 20 monitors, holed up in a remote lab. They involve simple, everyday people with password knowledge and a motivation to do some harm. Sometimes, this is a move for profit, but other times, it’s a move to purely be destructive—either way, a disgruntled or vengeful ex-employee could easily take advantage of your systems (if you don’t have the right countermeasures in place).
When an employee leaves, for any reason, it’s important to take inventory of all the passwords he/she held and what systems he/she had access to. Immediately disable access to those systems in any ways you can; sometimes that will mean deleting an account, and other times it will mean changing passwords. Don’t take the risk.
Phishing Scams and Software Vulnerabilities
Here again, we find that the critical vulnerability is human-based. It’s easy for a worker to neglect a personal cyber security responsibility in the course of daily operations—for example, a poorly informed worker who receives a strange email could easily fall victim to a phishing scam, revealing a password and making it easy for an outside hacker to gain access to your systems.
Software vulnerabilities, such as PCs that are not protected from malware or browsers and plugins that are not up to date, could easily allow an attack as well. To prevent these attacks, make it your job to keep all your employees informed about how attacks can happen and about best practices for keeping your corporate information secure.
Lazy Password Policies
The vast majority of “hackers” get in through knowledge of passwords rather than a complex backend forced attack. I’ve already explored the possibilities of obtaining this password as pre-existing knowledge or as an acquisition from a phishing scam. There’s also the possibility that your password could simply be guessed.
Make it a point to ensure that any passwords you or your team come up with are secure—avoid any common passwords like “password” or “1234567,” and be sure to include a healthy mix of lower-case letters, upper-case letters, numbers, and symbols. You’ll also want to use different passwords for different platforms—using the same password too many times can make it easy for a single breach to turn into a widespread and multifaceted attack.
BYOD stands for “bring your own device,” a policy that is now active in an astonishing 74 percent of workplaces. Under a BYOD policy, employees are allowed to bring in their personal digital devices to the office for work or personal use (while on breaks, etc.). On the surface, it seems innocuous to allow your workers to bring in their mobile phones, tablets, and other personal devices—in fact, it would seem strange in this era if you didn’t allow workers to bring those devices.
Most of us don’t go anywhere without our smartphones. But what you need to realize is that those devices can be deadly gateways to your company’s infrastructure. A smartphone connected wirelessly to your network could be an easy backdoor into your systems. If you choose to have a BYOD policy, be sure to set restrictions on how those devices can be used and raise awareness about personal device security.
Poor Choices in Vendors and Suppliers
Not all security risks are internal—in fact, by some accounts more than 75 percent of all security breaches are due to an infiltration of an external third party. For example, if a hacker gains access to a CRM system, that hacker can easily find records of your business’s contacts, contracts, and histories, which can then be exploited.
There are a few ways to prevent this possibility. The first involves a careful selection of third-party vendors to deal with—be sure that all your partners, vendors, and suppliers have advanced security measures to ensure that your personal account information remains safe. Second, whenever you make a move to switch suppliers, be sure to remove your information completely from your previous supplier’s site. In fact, the fewer active relationships you maintain online at any given time, the better.
Take action to prevent these cyber security risks; if you wait until a breach actually happens, it will already be too late. Fortunately, taking countermeasures against these potential breaches is often an inexpensive and technically simple effort. Take those small, important steps, and you’ll put yourself at far lower risk of being a victim.