Just how cyber secure is your small business?

Oct 24, 2011 9:51am

By Emily Eckland, NCSA Managing Editor of Digital Media

Is your small business safe from hackers, viruses, malware or a cyber-security breach?

You may think you’ve made your company cyber secure, but the majority of small business owners fail to take fundamental precautions, according to a new survey of U.S. small businesses sponsored by Symantec and the National Cyber Security Alliance and conducted by Zogby International.

In fact, 77 percent of small business owners say they don’t have a formal written Internet security policy. And 45 percent of small business owners do not provide Internet safety training to their employees.

If you’re one of these small business owners, read on and learn ways to protect your company online.

One of the first steps to protecting your business is to realize that no matter how tiny your business is, it can still be used for a cyberattack.

Richard Wang, a threat manager at Sophos Labs US, says malware is specifically designed to have as little impact as possible on a computer user, meaning your website could be compromised and outputting malware without you even realizing it.

“Attackers are not using their own resources. They’re going out and creating networks of harmful computers that aren’t their own. Your computers can be used as launching points for attacks on other people and other businesses,” Wang says.

Basic Tips for Small Business Owners

Every business owner needs to look at the various risks to their viability, profits, personal identity, data and intellectual property loss and then build those risks into their everyday habits.

There are free and low-cost options for keeping your computers – and business – safe, such as making sure your machines get automatic software and security updates, enabling firewalls, and increasing security settings on your Internet browsers (go to “options” or “tools” and look for a security settings tab).

ADP Vice President and Chief Security Officer Roland Cloutier recommends business owners call their Internet service providers and software manufacturers and ask them if they are taking full advantage of their security settings or anti-virus software.

“You can gain a significant level of protection just by [talking with them],” says Cloutier, who is also an NCSA Board Member.

Cybercriminals often look for financial information. To reduce the risk of financial breach and identity theft, Wang recommends having one dedicated computer that’s used only for financial transactions and not for emailing or Internet browsing.

Here are some other tips:

  • Survey what information you have and what you need to do to protect it. What are the data? How are you storing and protecting data? How do employees access data?
  • Take an inventory of the protections you already have in place and assess what new protections you need.
  • Look at where your key information is and keep an eye on those systems. If your website is compromised, it’s better to know as soon as possible.
  • Use free resources such as http://us-cert.gov/ and http://www.uschamber.com/issues/technology/internet-security-essentials-business and http://www.fcc.gov/cyberforsmallbiz and sign up for alerts that will keep you informed about the latest threats. (Also keep an eye out for the Small Biz Cyber Planner, a free government tool that will allow small businesses to create a customized cybersecurity plan.)
  • Make sure your passwords are long and strong. Many times, passwords aren’t complex enough and are easily guessable, which puts your data at risk.
  • Think about access management. Breaches can happen internally and by accident. Do all of your employees need access to financial databases? Limiting access and tailoring access to employees’ duties may reduce your risk.

Training Your Employees

As a small business owner, you want to train your employees to be aware of the information they’re putting online and whether it’s potentially valuable to a cybercriminal.

“The Internet is an open book and you have to continually get your employees to look at how they use the Internet and how it can affect your business,” says Greg Garcia, cybersecurity and threat management partnership executive at Bank of America.

Here are some other tips:

  • Talk to your employees about how they’re using the resources you’re providing. How are they using the Internet? What websites are they visiting on their downtime? Educate them about safe online practices, such as STOP. THINK. CONNECT.
  • Encourage your employees to diversify their passwords. If an employee uses the same password for their personal and business purposes and someone gets ahold of that password, then your business is at risk.
  • Put cybersecurity in everyday terms that people can understand. Your mother taught you not to take candy from a stranger, and that same thinking applies to clicking on a link from a stranger in your inbox.

Other Ways to Protect Your Business

Small business owners may want to think about using third party businesses to manage Internet access and financial transactions and to back up data.

Here are some other tips:

  • Plan for an attack by having a “plan of attack” and outlining what you will do in case of a breach.
  • Report hacking, stolen finances or identities and other cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as appropriate.