How Secure Is Your Small Business from Digital Attacks?

How Secure Is Your Small Business from Digital Attacks?

When small business owners see retail giants continuously targeted by digital attacks, one question should spring to mind: Am I doing enough to secure my own business from similar attacks?

The problem is only growing. There was a 62 percent increase in data breaches in 2013. A combination of cloud adoption, more readily available information, and an increase in hacker sophistication and financing is the cause.

While it’s never possible to put in place a plan that would completely shield your small business from digital attacks, there are things you can (and should) be doing to defend yourself and your business. One of the biggest problems that Gemalto -- a company that helps businesses secure their presence in the cloud and on the Web -- sees over and over again is small business owners who believe they are “too small,” and therefore not a target. “Many small businesses believe they have a free pass on security, especially cyber security, because their business isn’t a household name,” says Macey Morrison, marketing programs manager at Gemalto. “But cybercriminals don’t discriminate based on company size today.”

In fact, says Morrison, some attackers may even target smaller businesses simply because they know their security measures are most likely nonexistent, or at least less rigorous. When it comes to efficiently wiping out a system, small businesses make a good target.

Besides a lack of belief in the need for proper security, Morrison says some of the other main problems her company sees include:

  • Shadow IT leaves businesses exposed. Shadow IT is hardware or software IT tools used within the business that management or IT don’t know about, says Morrison. The consumerization of IT and the cloud often allows employees to increase productivity by utilizing their own devices and outside services, which presents a security risk; tools off management’s radar are not subject to the same security measures as a centrally managed IT system for your small business.

  • Poor credential management. Mass adoption of cloud services means employee credentials, usernames, and passwords to these services have proliferated, leaving them managed disparately. “On average, small businesses use six to 10 cloud services, making it nearly impossible for employees to remember a unique login for each, and driving them to use the same login for most, if not all, of their services out of necessity,” says Morrison.

  • Lingering ex-employee access. Often, when employees leave a company they retain access to a company’s server due to shadow IT and poor credential management. Most of the time this never becomes an issue, but occasionally past employees take advantage of their access to private data by passing it along to competitors or sabotaging systems.

  • Mythical business user. In today’s social online world, employees work in collaboration, switching between personal and work sites and software throughout the day, making it often impossible to draw a line between consumer and business use. When the blurring of personal and professional credentials occurs, a risk exists. “Consumers are notoriously lax with their own credentials and will not afford different treatment if work is involved,” says Morrison. “When an employee’s personal accounts are breached, often it creates a potential entry point into a business.”

When making sure your own small business is as secure as it can be against digital attacks, Morrison suggests not going overboard on strict security policies that don’t provide employees with the tools to effectively maneuver them. “The key to security adoption is not what you would think -- [it’s actually] convenience,” says Morrison. “Security policies and tools that are confusing, time-intensive or have limited device compatibility fail quickly. People simply won’t use it, or at least not correctly, if processes impede on their day-to-day productivity.”

Instead, the key is for a business to work in collaboration with employees and curate policies and tools for employees that meet their individual needs for convenience and productivity, as well as that of the company’s need for security. Once that’s in place, follow these steps to make sure your system is more hassle than it’s worth to crack:

  1. Train employees: Employees are the front line of any small business, says Morrison, and the gateway for much corporate data.

  2. Get serious about online identities: Employee identities are the key to the internal operations of a business, which translates into logins, usernames and passwords. It’s essential that these identities and corresponding logins be managed centrally for visibility into cloud resources that serve as potential business data repositories.

  3. Curate cloud vendors with care: Morrison suggests asking potential vendors where data will be stored, who will have access to it, their physical and network security standards, and breach notification policies.

  4. Embrace BYOIT: BYOIT (bring your own IT) brings great value for growing small businesses, especially in the area of reduced costs. “But while it’s a win for the bottom line, it presents a major hold in the business’s security strategy,” says Morrison. “Employee-owned devices and applications transact the business’ data daily, presenting big risks for the company with negligence or theft. Significantly reduce security risks by enrolling BYOIT users into a defined, sustainable security program that simply secures access to company data.”

With a little planning and research, it’s easy to keep your small business safe from digital attacks. Working in collaboration with your employees will be a big part of providing an overall plan of security for your business — but making even a tiny change today in the infrastructure of your business’s security can help make a big difference in the future.

Cheryl Lock is a former magazine, newspaper and website editor turned full-time freelance writer. She has worked on staff at the Daytona Beach News-Journal, More and Parents magazines, as well as for Learnvest, the leading women's financial website. Her work has also appeared in Newsweek, Forbes, Ladies' Home Journal and The Huffington Post, among others.

Was this content helpful?