It’s clear that small to mid-sized businesses (SMBs) generally don’t have the luxury of IT security teams like larger enterprises, but they still face similar security threats. Knowing what’s out there, SMBs can prepare themselves to address these issues before they become real threats. Here are 10 common security problems which could negatively impact the operation of an SMB.
1. Lack of data security policy
Business managers should possess basic knowledge about data storage – whether it’s being kept on site in traditional servers, or in cloud services and mobile devices. Data storage, access permissions, data processing and the security controls in place should all be documented. This will serve as a foundation for developing a data security policy, together with a back-up and disaster recovery plan.
2. Viruses and worms
Computer worms and viruses are the most common security threat – 75% of SMBs were affected by at least one virus last year. And those can have a catastrophic effect on business operations continuity – cleaning infected computers takes a lot of time. Employees often spread viruses and spyware by accessing malicious websites, opening email attachments or downloading untrustworthy materials. These attacks are unintentionally invited into the organization and can cause significant financial losses. Security systems must be there to detect and repel worms, viruses, and spyware at all points in the network.
3. Lack of employee training
SMBs tend to believe that cyber-criminals are after the big players, but that’s not true. They often target SMBs to get access to computers they use for online banking and payments. A cyber attack often relies on someone opening a “phishing” e-mail message with an attachment full of malware that allows the attacker to infiltrate the network. SMBs should make sure their employees have spam filters and apply web-surfing controls on their internet usage. Most importantly, they should strive to train employees. Training will help them acquire an awareness of potential threats, so that they never open anything that seems even remotely unusual.
4. Information theft
Information theft is a lucrative business. Just consider information about credit cards or social security numbers. And in this regard, SMBs are an easier target than large corporations. Protect the perimeter of the network, but also make sure to rule out the possibility of an insider such as an employee or contractor stealing information. Businesses which don’t protect their information face lawsuits, fines and a loss of reputation.
5. Removing information from old devices
When disposing of old computers and other devices which have been storing business data, SMBs should remember to remove all the hard disks and destroy them. Other types of media might be included here as well. Naturally, paper holding sensitive information should be destroyed too – all these things compromise the security of a business.
6. Business availability
Security is not just about fighting viruses and worms, but also denial-of-service (DoS) attacks. Those can shut down websites and e-commerce operations by simply sending lots of traffic to a critical network element and causing its failure. Needless to say, the results of such an attack can be disastrous – businesses might lose data, orders won’t be processed and customer queries will be left unanswered. SMBs aren’t immune to these attacks; in fact, they’re probably less prepared for them than large corporations. This is something every SMB should look into – especially if they notice a significant slowing down of online operations.
7. Mobile threats
Many SMBs transition from desktop computers to smartphones or tablets in business operation, perhaps without full awareness that these new operating system platforms require different security methods of updating and control. Business and IT executives should develop a strategy for security – especially in “Bring Your Own Device” situations where employees are allowed to use their own devices for business. Balancing security needs of the business with personal usage of data is key here.
8. New technology threats
Every new hardware or software release presents new opportunities for mischief. When peer-to-peer networking was still new, its users were attacked by malicious code written specifically for these functionalities. Today we see the same happening for mobile phones. Business and IT managers should keep tabs on new technologies – being able to predict what’s coming next will help them to defend the business against future threats.
9. The power of employee verification
Before entrusting prospective employees with sensitive data or devices, do an official background check on them to spot any traces of criminal history, or have a look at their social media history. Do the same check before you hire a provider or vendor (for instance, a cloud service provider) – make sure to have everything written down in a signed contract with consequences defined in case of failure to deliver. It’s a good idea to pay a visit to the data-center operations of business partners with whom you plan to electronically share customer data – have them provide you with details on security, backup plans and the people involved.
10. Security legislation
SMBs should be aware of new laws and regulations which require them to protect the privacy and integrity of the information entrusted to them. In the European Union, the EU Data Protection Act governs personal data acquired by organizations. This is a standard which takes different shapes in different industries. Executives should make sure that their businesses comply with laws and regulations that apply to their markets. This is how they gain consumer trust.
Being aware of these 10 threats will help you to accurately develop a security policy at your business and avoid taking risks when it comes to the tech part of your operation.