BreachExchange mailing list archives

Common Security Mistakes Small Business Make and What to Avoid


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 19 Dec 2013 22:02:51 -0700

http://www.resourcenation.com/blog/common-security-mistakes-small-business-make-and-what-to-avoid/38141/

One of the most significant threats facing companies today is cyber
intrusion. The interconnectivity that businesses have gained from the
Internet has been a boon to revenue and development, but it’s also proven a
double-edged sword. Cyber attacks can be vicious and lead to incalculable
losses in not just revenue, but intellectual property as well. However,
despite this growing threat, a recent survey revealed a majority of small
businesses don’t consider cyber intrusions to be a real threat.

Conducted by the Ponemon Institute, the survey included responses from over
2,000 small-business managers and found a surprising 58 percent don’t think
online hackers pose a credible threat to their company’s technology. This
becomes especially concerning when considering small businesses have lost
an average of $1.6 million in the last year because of online attacks.

The Department for Business, Innovation and Skills revealed in a report
that 87 percent of small businesses suffered a cyber attack in 2012, and
the prospects for 2013 don’t look more promising. Companies hoping to deter
hopeful hackers should avoid falling into these common IT shortcomings:

Don’t ignore blind spots
It’s not uncommon for a small business to be lacking in the area of IT
security, but it’s not a fixed position. With IT staff regularly wrapped up
in more day-to-day operations, businesses should consider investing in
regular security checks to maintain adequate safeguards. Third-party firms
exist to identify blind spots within a company’s cyber security structures,
providing insight and advice for how to shore up weak areas and keep
hopeful cyber intruders out.

You’re not too small
It’s an easy mistake to make, but don’t think a small business isn’t large
enough to be the target of a cyber attack. It’s a popular thought that
coasting under the radar with more modest profits and products will grant a
company online immunity. The truth, however, is more often the opposite.

The confidence small businesses of this nature have tends to lead to
haphazardly assembled security portfolios that don’t actually offer a lot
of cyber safeguards. In effect, believing a business is too small to
warrant attack will increase the chances of intrusion.

Stay on top of security policies
When companies don’t perceive malicious hackers to be a threat, they don’t
enforce security policies. Keeping confidential information on a portable
device that regularly leaves the office is a security breach waiting to
happen. A stolen laptop or a lost phone can mean countless damages in
dollars and intellectual property.

If a small business does not currently support a security policy, its first
order of business is to enact one. The next step is to educate all
employees on the details and then regularly enforce it.

Passwords
A problem many companies have, regardless of size, is passwords. Not so
much in that they don’t have them, but more that employees will regularly employ
old passwords, reuse passwords or simply have bad ones. An easy way to
avoid the problems that come along with insufficient password protection is
for businesses to establish a set of guidelines. For instance, systems
should require employees to change their passwords every few months or so.
Businesses can also draw rules about password complexity, requiring a
certain number of characters, as well as enforcing alphanumeric standards.

Small businesses don’t often have excess budget space to spend on
additional systems and advances, but investing in cyber security can help
companies avoid online attacks and the financial losses that may come as a
result.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
