BreachExchange mailing list archives

Sorry, Your Business Will Never Be Safe. But Here's What You Can Do About It.


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 19 Feb 2016 14:36:54 -0700

http://www.entrepreneur.com/article/270850

The digital age has gifted all of us with access to tremendous amounts of
information and connectivity, but it also has made us vulnerable. Using
personal information to buy online makes your data a potential target for
thieves. Storing your company’s sensitive information in the cloud makes it
easier for corporate spies to find.

In general, small businesses tend to overestimate how safe they are. Ask
any small to medium-sized business owner how protected his or her
information is, and the person will probably reply “sufficiently.” Follow
up by asking what the company is actively doing to protect against
cybercriminal threats, and the owner probably won’t have an answer.

1. The opposite end of the spectrum

Those aren’t the only business owners out there, though. Some have
developed a strong and ever-present fear of an imminent digital breach.
That’s not unwarranted, given the statistics that say 50 percent of all
businesses have been the victim of some kind of cyber-attack, and the
highly publicized breaches of major corporate systems in recent years.

Among these obsessive firms, every potential breach must be identified and
prevented, and they spend excessive amounts of money in pursuit of absolute
security. But is this the proper response?

2. The illusion of security

Unfortunately, data theft is a reality of the digital age, and there’s no
way to avoid it completely. In fact, according to the Web Security Bureau,
complete web security is pretty much an illusion. There’s no such thing as
“hack proof.”

If a thief wants into your house badly enough, no security system can stop
him. The same is true for your digital assets. Consider the following facts.

- Hackers and security systems are two sides of the same coin. Technologies
  on both sides are developed and improved by the same kind of specialists,
  who are just people. It’s a cat-and-mouse game, so whenever a new
  “foolproof” security system arises, it’s usually a matter of weeks or
  months before it’s broken and the search for a better way starts again.

- Security is never “done.” Securing the digital side of your business isn’t
  like locking your house or setting an alarm. You’ll never be “done.” One
  slip -- like falling for a phishing scam or carrying in an infected device
  on your WiFi network -- can be all it takes to compromise your entire
  defense.

- Even major corporations have breaches. Even some of the largest
  corporations, who presumably have the very best IT professionals and even
  entire teams of cyber security consultants, are vulnerable to data
  breaches. No one is completely immune.

Feeling scared? That’s understandable, but you don’t have to be.

3. The right approach

Modern business security demands action, but overreaction can be just as
unwise. You need to find a balance. Arm yourself with the best information
you can find, take the measures that are practical without reshuffling your
priorities or exhausting your budget, and stay apprised of best practices
on a steady basis without getting distracted.

It comes down to this: If they work hard enough, theoretically hackers can
get anywhere. If you make it harder for them, however, they’re more likely
to move on to a different target or ignore you altogether. Security isn’t
about constructing an impenetrable defense -- it’s about making sure you
aren’t an easy target.

Here are some simple ways you can do this:

- Pick good passwords, and change them often. Most hackers don’t “hack” in
  by finding vulnerabilities in your code. They get in by guessing or
  stealing an employee’s password. Choosing good passwords that have many
  types of characters and no guessable formats (like dates or keywords
  related to your business) will increase your security. Rotating those
  passwords on at least a quarterly basis will help even further.

- Secure your WiFi connection. If left unsecured, your wireless Internet
  access can easily be infiltrated by a third party, who can then monitor
  all incoming and outgoing traffic (including emails and sensitive
  information).

- Inform your employees. Simple schemes are easy ways for hackers to get
  past your security. A download link or an attachment in a rogue email can
  be enough to bring down an entire system. Keep your employees informed of
  these schemes (as well as best practices for passwords).

- Segment your information. Giving all your employees unlimited access to
  all your data leaves your business extra vulnerable to potential attacks.
  If you can, try to segment your departments and systems with an eye to
  limiting the potential impact of a breach in any one particular area.

- Stay up to date. Situations and tools evolve quickly, so keep yourself
  informed. The Small Business Administration offers some effective tools
  you can use to keep yourself and your team abreast of best practices.

These web security best practices don’t demand a large in-house team, years
of expertise or thousands of dollars to invest. In fact, you can do most of
them with the resources and knowledge you have right now.

It doesn’t take much to introduce a base layer of security in your small
business -- so why allow your operation to be vulnerable a moment longer?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss