But small businesses are no longer worry-free, according to security experts. Small businesses are increasingly being targeted by cyber-hackers, who are launching global espionage campaigns. Smaller businesses can be a bridge into the systems of their larger business partners, experts say, since small businesses often lack the security measures multi-billion-dollar firms have in place.
“In today’s security landscape, everyone must assume they are a target,†says Jim Butterworth, CSO of security firm HBGary.
But small business owners aren’t on their own when it comes to putting security measures in place. HBGary recommends taking the following steps to ensure your small business doesn’t fall prey to a cyber-attack.
- Conduct a comprehensive network check. Businesses spent money and effort each year to prepare and update emergency response and business continuity plans. Butterworth emphasizes that incident-response plans must be treated with the same care. Your business continuity plan should include efforts to protect against cyber-attacks and should be regularly updated to address the ever-changing landscape of cyber-attacks.
- Invest in security infrastructure. Some businesses assume that simply having anti-virus software on servers and devices is enough, but Butterworth stresses that anti-virus often isn’t enough. Software cannot protect a company against targeted attacks. While software manufacturers do their best to stay abreast of new malware variants, new attacks are being launched on an ongoing basis. There are measures a small business can take to protect servers, but many businesses are choosing Cloud service providers to entrust their security to the experts. If you choose the do-it-yourself model, e sure you stay informed about changes in the security landscape that could leave your small business vulnerable.
- Educate your users. One of the biggest threats to a small business’s infrastructure lies in the behavior of its own employees. “Provide clear, concise cyber-guidelines for your employees,†Butterworth advises, adding that those guidelines should include restricting access to only those applications and files each employee needs to do his or her job. “Our users represent our largest attack surface, and a mature plan includes providing timely and relevant information to our first line of defense,†Butterworth adds. Each user should also be taught to avoid phishing attempts, including those that come through e-mail and social media sites.
Small businesses can’t assume that they are immune to criminal activity. By following these tips, you’ll be able to ensure your business is uninterrupted and your customer data remains safe.
