No business is completely safe from security vulnerabilities. Just look at Target, Home Depot and TJ Maxx. While these well-known companies may seem like a more attractive target for hackers, the businesses flying under the radar face the same, if not more, threats from cyber attackers looking to cause mayhem in a company.
To help small- and midsize-businesses stay protected, we asked tech experts what the biggest security risk these companies face and how they can defend against them.
Here is what they had to say:
Cyber attackers don't discriminate.
Small and midsize businesses often make a philosophical mistake right off the bat: They assume they are too small to be relevant to hackers. I can promise you that cyber attackers believe in equal opportunity for targets.
So while larger companies often opt for corporate-owned devices, there are many products available on a per-seat basis that will work to secure proprietary data even when accessed by personally-owned devices. This is where SMBs need to focus: on the protection of their data. Even if your strategy is not as comprehensive (or expensive) as those in place at a federal agency or a massive corporation, building roadblocks on the way to exposed plaintext information is a necessary tactic to discourage hackers. Otherwise you’re an easy mark.
-- Ray Potter, CEO of SafeLogic, a company providing security, encryption and FIPS validation products to applications
Security flaws are everywhere.
Right now a lot of the challenges arise from how networked and interconnected the modern marketplace is. Social media is a great example of a technology and business advancement that has brought businesses closer to customers and clients while also increasing business risk.
As employees engage in sales and networking across social networks, new pathways into the business open up and cyber criminals know how to exploit them. One of the most effective actions businesses can take to reduce the risks that come from our interconnected marketplace is to provide knowledge. Many users do not understand how cyber criminals leverage social tools and technologies to gain access to businesses and their data. A simple weekly update from IT on threats and how to avoid them is an important way to ensure your user base is well informed and avoiding risky online activity. It empowers your employees to be accountable for security, and incorporates them into your security solution.
-- Anna Frazzetto, Chief Digital Technology Officer and SVP at Harvey Nash, an IT recruiting firm
It comes back to the data.
Protecting sensitive data from hackers should be the top priority for businesses of all sizes. These threats can come in the form of phishing and malware that seek to infiltrate the corporate network, endpoints and the cloud applications employees use. To mitigate against these threats:
- Update patches as they become available
- Use security products that protect the entire IT stack – the device, operating system, application, network, cloud and data layers
- Train employees to have security awareness
-- Pravin Kothari, founder and CEO of CipherCloud, an enterprise cloud security company
People are a liability.
People remain the biggest security risk to any sized organization, including SMBs. As threats become more sophisticated, even careful employees may find themselves victims of phishing or accidentally opening attachments with viruses. The best defense is ensuring that staff get consistent education to keep security at the top of mind. Security training for all employees really should start on day one.
The other large issue I see is organizations maintaining a legacy security posture, or original security plan. It’s not enough to configure the firewall and walk away. Every organization should consider bringing in a third party to get a vulnerability assessment. Even if you have a dedicated security team, a second set of eyeballs will help identify risks and start working towards remediation.
-- Cortney Thompson, Chief Technology Officer of Green House Data, an environmentally conscious data center service
Imbalance in security.
The fastest growing threat are sophisticated phishing attacks, which, when not identified and stopped promptly, can lead to a loss of business.
Business needs to be smart about balancing in-house security resources and building a strong team, while also leveraging third-party security services. There are a number of third-party security services, many of them are SaaS based, that don’t require investments in hardware and are generally easier to deploy.
Perhaps the most important thing is to treat security threats seriously and to proactively assess your security measures. Many companies don’t take security seriously enough until something bad happens. It is generally a lot more expensive to clean up after a security breach, than addressing it proactively.
-- Arne Josefsberg, Chief Information Officer of GoDaddy, an Internet domain registrar and web hosting company