Full Disclosure:  I am owner of a small business information security consulting firm.  So, I know you will assume that my motives for this article are not completely informational.  If you assume that, you are correct.  However, also keep in mind that I myself am a small business owner and as such I am truly concerned about the state of information security specifically related to small businesses.

 

Now that my disclosure is out of the way, let’s answer the question in the title of this blog.  Are new small businesses at highest risk for breach.  The simple answer is, YES.  As stated in the 2016 Symantec ISTR, 71 percent of attacks target small businesses.  In addition, an article from Tripwire.com states “ What’s worse is many small businesses endure successful attacks within the first six months of operation”.  In other words, cyber criminals are intelligent enough go after the most vulnerable.  These criminals understand that the first six months of a businesses’ operation are a whirlwind.  You, as a new small business owner, are still trying to figure out how to consistently turn a profit and are not thinking about someone hacking your business’ computers or servers.  This lack of forethought regarding your information assets puts the survival of your business at risk.

 

To take this discussion a bit further, small businesses must understand that information security is not just about the business itself.  It is about every business or person they do business with.  Many small businesses are the gateway for attacks on larger companies that they do business with.  Take the Target hack for example.  The hackers did not go after Target directly, they went after an HVAC vendor who would be doing work for Target.  The unsuspecting HVAC contractor represented ground zero for one of the largest information security breaches and data thefts in the World.  That HVAC company, who I will not mention, will forever be attached to this hack.  I am sure you would agree this is not how you want your company to be remembered.    

 

As a way to help small businesses investigate some low cost strategies to improve their security posture, CarTek Consulting is offering a limited number of FREE security assessments.  Click the button below to schedule an appointment.

 

In the meantime, below are few things you can do on your own to get you started in the right direction.  Consider implementing the follow:

 

1. Patching – when your application or operating system alerts you of a new patch, here is a tip – INSTALL IT.  Many of the patches and updates that people ignore are actually helping to close security holes and vulnerabilities.
2. VPN Service – Many small business owner like to do work in coffee shops or other places where there is free access to wifi.  Be careful.  Most places with free wifi leave you vulnerable to having your browsing habits monitored and captured.  We recommend using a VPN Service that usually costs less than $100.00 per year.  This service will allow you to encrypt any and all browsing and transactions that you complete online.
3. AntiMalware Software – Make sure you have some type of AntiMalware suite installed on your computers and servers.  The latest software will typically include a host based firewall to help block unwanted programs from automatically installing on your PC or Server.  Don’t forget, you need to download and install patches and updates daily.  This is usually scheduled and done automatically when you install the software.
4. Wifi – Everyone should at least be using WPA2 as the security/encryption protocol for your wireless network.  If you are not, please adjust your configurations immediately.  Also, ensure that you have a long and complex password.  Use capital/lowercase letters, numbers, and special characters.  To take things one step further, I would recommend changing your password (not re-using) every 60 to 90 days.  The will help incase someone has your current password, and they should no longer have access to your network.

 

Citations:

Manning, K. (2017, January 1). How and Why Small Businesses Are Investing in Cybersecurity. Retrieved March 3, 2016, from https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/small-businesses-investing-cybersecurity/

 

Krebs, B. (2014, February 2). Target Hackers Broke in Via HVAC Company. Retrieved March 6, 2017, from https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

 

Wood, P., & Nahorney, B. (Eds.). (2016). 2016 Internet Security Threat Report (Tech.). Retrieved February 26, 2017, from Symantec website: https://www.symantec.com/security-center/threat-report

 

Speak with an Agent Today