It seems every week brings another announcement of compromised data, a threat and reality that grows closer as companies rely more heavily on the Internet to conduct business. Some major breaches have caused a media frenzy, such as Target's and Michaels', but surveys show that many small business owners don't consider themselves targets for cyber attack.
Ponemon Institute conducted a global cyber-security report with answers compiled from a group of IT security practitioners based out of 15 different countries. It seems there is a disconnect between the perceived urgency for cyber security and the real possibility of being hacked, according to 80 percent of participants.
It's important to know that small businesses aren't safe from cyber attacks. Forbes contributor Adam Levin said hackers will target smaller firms as large companies are bolstering current security measures in light of the widely publicized hacks. The 2014 Internet Security Threat Report produced by Symantec.com revealed data that may shock small business owners. Roughly 30 percent of cyber attacks in 2013 were aimed at companies with less than 250 employees. In 2011, small businesses were only involved in 18 percent of attacks.
Being proactive before an attack may be invaluable so the first step is to minimize risk of exposure. Employees should be trained on security measures and made privy only to systems they truly need. A two-step authentication process will also decrease risk for compromised company data. Forbes recommends isolating financial systems from the rest of the company's data and information for extra security. It's a good idea to have security reviewers check how safe information is from an outside party. Have the website hacked to identify weak spots and then tend to them swiftly. Additionally, employees who use personal cell phones and computers while connected to the office network should follow the same security procedures as they do with company provided technology.
Graham Cluley, an independent security analyst, suggests businesses encrypt all of their data to further protect information. Additionally, companies should consider how much information they actually need to store online and what has to be shared using the Internet. Encourage employees to move whatever data possible to USB Flash Drives for protection.
Once security is strengthened, it must be monitored because hacker attack methods are constantly being advanced. Create automatic alerts to be activated in the event of unusual activity within the company and be sure software security updates are downloaded as soon as they are made available. To keep the business safe from the inside, design a compliance officer position. This employee will be responsible for patrolling how colleagues are following security policies.
Michael Driscoll, the FBI's assistant legal attaché to the US Embassy in London, told Computer Weekly that businesses should start following cyber criminal forums where hackers share tactics to stay abreast of popular and successful methods.
Forbes suggests formulating a post-breach plan before it actually happens. It's important to consider how the company would handle customer service call volume and what could be done to support customers. Determine what needs to be reported immediately to reestablish coverage. Insurance agents or banks may offer damage control programs or cyber liability coverage so it's best to reach out and potentially invest in those services. According to the source, it may be beneficial to share the data breach plan with customers to build trust. Alert clients of increased security while showing appreciation with thank you cards.
Fortunately, government agencies are working to patrol and quell cyber attacks. The FBI and the U.K.'s National Crime Agency have teamed up with other law enforcement agencies worldwide as well as major Internet firms.