There was a time when a business was considered secure if they locked their doors and windows, had an alarm system installed, ensured that the perimeter was well-lit, and if needed; hired guards to monitor people entering and leaving the premises. However, to believe that such methods are sufficient in the current business environment would be foolhardy. Given how much of the communication and conducting of business occurs outside the meeting rooms or four walls of an office or plant location, ignoring the dangers of security breaches that occur through cyber or electronic communication is irresponsible and subjects the business to both mischievous and purposeful incursions.
You Are the Target
Symantec Corporation’s 2013 Internet Security Threat Report (http://www.symantec.com/security_response/publications/threatreport.jsp) had an alarming finding. Startups and small businesses are at the greatest risk of falling victim to cyber criminals. According to the report, 31% of all targets attacks are directed at businesses with fewer than 250 employees. Given that protection from cyber attacks is often not considered a necessity by small business owners, these threats often go undetected and are therefore more successfully able to penetrate the databases, communications, bank account and/or credit card transactions and information-sharing activities than those aimed at larger businesses.
The Federal Communications Commissions (FCC) offers recommendations to limit (or hopefully avoid) criminal activity. Among those recommendations are:
- Train employees in security principles and raise awareness of the threats – Among the common examples of this are passwords that are not easily guessed or detected, being vigilant about use of the internet and if necessary, limiting access to just approved sites, and the consequences of not complying with those regulations.
- Use of cyber security applications like virus protection software and updated operating systems that provide some defense against malware, viruses, and attacks commonly occurring through gaps in programs.
- Use of firewall to protect internet connections for proprietary or confidential information that resides within the company’s databases (especially if that information is accessed by employees remotely located, working from home, traveling, etc.).
- Be aware that smartphones or other mobile devices are vulnerable to hackers if they are not equally protected by the same vigilance. Many employees access email, files, or other corporate data through their mobile devices and download information to those products making it vulnerable to cyber criminals.
- Ensure back ups of critical data exist and are maintained on a regular basis (just in case there are issues that require reconstructing or replacing data that has become corrupted).
- Be aware of who has access to Hi-Fi networks and require that only authorized users are able to gain access to the company’s intranet site. Keep the Service Set Identifier (the SSID) name hidden or encrypted.
- As appropriate, limit which employees have access to information within the company. Whether it is IT employees who have administrative privileges, managers with access to payment or banking information, or other business confidential data - some information should be closely held.
Unfortunately, criminals do not have to have physical access to a company’s premises now to steal or destroy that business’ core data, stored files, financial information, etc. Anyone who has ever spent some time at an airport gate waiting to board a plane has heard business conversations occurring around them that are probably not appropriate for public involvement, seen laptops open to applications sharing information that is easily seen by nosey seatmates, and observed people texting and emailing through their tablets and cell phones that can be remotely accessed by hackers able to “hijack” the WiFi signals by those within a short distance apart.