When it comes to hackers and cyberattacks, the name of the game is staying ahead of these people and programs that can sabotage a company, especially if you are a small-business owner. While larger companies can bounce back from data breaches (even if it will cost them a fortune), small to midsize business don't always have the resources.
To make sure small-business owners are equipped with the tools and resources needed to stay protected, we asked a number of experts what security threats SMBs face and how to remain safe.
Here is what they had to say:
It is an industry-wide issue
SMBs should stay on the lookout for what is happening in their industry. If, for example, a software manufacturer has a large part of your industry’s market share, you have to assume that application is a target, because when hackers find a way in, they can find it broadly. If a hundred hospitals are running the same version of the same patient information system, they all have the same risk.
Everyone remembers the Target and Home Depot hacks, but not everyone may know that it was the same virus, a virus designed to swipe card data specifically from point-of-sale terminals, running Microsoft Windows. This same scenario can play out in nearly any vertical that has valuable data -- healthcare, education, government, retail, ecommerce.
-- Cortney Thompson, Chief Technology Officer of Green House Data, an environmentally conscious data center service
Risks will move across all your network
SMBs should focus on the many ways the business is networked and connected to outside organizations and people -- from third-party providers to clients, employees and customers. We have never been more networked and that means we have never been more vulnerable. Small and mid-size businesses need to carefully watch trends around data sharing and access because this is what cyber criminals are after: data. It’s critical to always know exactly who has access to company data and how it is being protected whether it’s on in house servers or somewhere in the cloud. Keeping up with the trends and best practices for managing and monitoring data access is critical to the success of any business today.
-- Anna Frazzetto, Chief Digital Technology Officer and SVP at Harvey Nash, an IT recruiting firm
Ransomware and spear-phishing scams are getting more advanced
We are seeing more carefully crafted, well researched spear-phishing and ransomware attacks.
For instance, businesses have been targeted lately by scams attempting to get employee tax documents and company financial data. In these cases, someone might pose as the company CEO (or CFO) and then gets a copy of everyone’s W2 or order the execution of a wire transfer.
On the other hand, ransomware is when a virus gets installed and the users get completely locked out. There is no way to access the data, as it all becomes encrypted by the attacker. In exchange for money, the attacker will unlock the computer and give users access again. Depending on how important the affected computer is to the business, this could cripple a company. There are services that can help fix some types of ransomware.
-- Arne Josefsberg, Chief Information Officer of GoDaddy, an Internet domain registrar and web hosting company
Security vulnerabilities are going to spread
Big data, data analytics and business intelligence have transformed marketing, sales and the bottom line. These same trends are going to take off very soon in security.
We are collecting all this data. Now we have to be able to sift through it and make it valuable. Unless we learn from it and use it to make our organizations safer, why collect it in the first place?
Connected to this is the idea of machine learning. There is so much data that a single employee can’t possible track all network events. A single person can look at about 100 events per day. Most small/midsized businesses have 100,000 – 500,000 events per day. We need machines to be able to analyze the network and alert us when they register an abnormality that we can investigate.
-- Greg Kushto, Director of Security Practices at Force 3, a network security company.
BYOD devices will continue to be vulnerable
All businesses should be focusing, in part, on their porous networks. BYOD and wireless connectivity dominate the end-user requirements. As such, these pose an enormous risk that needs to be managed. SMBs should be focused on implementing security programs consistent with how users work. If not, users will circumvent controls.
-- Rick Orloff, Chief Security Officer of Code42, a data-protection company