- Building Your Dream Team
- Quill Brings the Force to Your Copy Paper
- The State of Small Business: My Interview with Ashley Williams from Wix.com
- Out with the Old; In with the New
- The Invisible Workhorse: Xerox’s WorkCentre 6515
- Always Say Thank You!
- 2 Simple Ways to Run a Better Business in 2017
- #navSMBchat for July: Dealing with Rejection as a Business Owner
- How to Manage Millennials in the Workplace
- #BrotherSmallBiz Tweetchat
Protecting Your Business From Hackers and Cyber Crimes
As business owners continue to move their companies onto mobile and digital platforms, the threats of hacking and cybercrimes jump exponentially. What’s an entrepreneur to do? Is it better to avoid the future of business altogether or can they operate and even prosper in worlds where threats and criminal activity abound?
To get the answers to these and other pertinent questions, I decided to ask one of the smartest people I know when it comes to protecting business owners online. I called Brian Burch, VP Global Consumer & Small Business, Symantec.
Brian Moran: What are some of the biggest online threats to small business owners today as customers and business owners?
Brian Burch: Small businesses are increasingly in the cross hairs of bad guys because “hackers” have morphed into cyber criminals. The hackers of the past have unfortunately organized and become major crime syndicates, seeking personally identifiable information (PII) and company secrets from the small business itself. Increasingly small companies are also used as a stepping stone or Trojan horse to attack other companies they serve, often including bigger, more lucrative targets.
Data breaches are a major online threat to small business owners and customers. According to a study by the Ponemon Institute, 55 percent of SMB respondents had a data breach, almost all involving electronic records, and 53 percent had multiple breaches. The primary causes of these breaches were employee or contractor mistakes, lost or stolen devices and procedural mistakes.
Ransomware has recently become a bigger challenge for small businesses. Ransomware locks your computer and demands a release fee, in effect, holding the computer ransom. The malware is often quite sophisticated and difficult to remove. We estimate that ransomware scams are extorting at least $5 million a year.
The risks to businesses can start with something as simple as visiting a trusted website. In fact, SMBs are more likely to be infected by malware placed on a legitimate website than one driven by a hacker.
Social networking sites also present risks to SMBs. Cybercriminals know that these sites can give users an implied sense of security, making them more inclined to overshare information, click on links or fall for a scam. Cybercriminals can then gain entry to online business accounts and steal important information including email communications, confidential documents, login credentials and even banking information.
Moran: Are there statistics or anecdotes that you can share with us on small business security and the Internet?
Burch: According to Symantec’s most recent Internet Security Threat Report Vol. 18, the largest growth area for targeted attacks was businesses with fewer than 250 employees; 31 percent of all attacks targeted them, representing a threefold increase in the number of attacks compared to the previous year.
Mobile malware is also on the rise. In 2012, Symantec saw a 58 percent increase in mobile malware families compared to 2011. This is particularly concerning given the blurring lined between work and personal use of mobile devices. According to the 2013 Norton Report, 49 percent of working adults use their personal device for both work and play.
Moran: Are business owners doing enough to protect themselves?
Burch: Most small business owners are not doing enough to protect their business from cyber-attacks. SMBs don’t typically have dedicated IT personnel focusing on information protection, which makes them more susceptible to risks than enterprises.
A 2013 global SMB survey commissioned by Symantec also found that 60 percent of SMBs rate their companies as somewhat to extremely secure, yet more than 66 percent of SMBs reported experiencing cyber-attacks in the last 12 months. This indicates a false sense of security, especially when you consider that 83 percent of SMBs don’t have a cyber-security plan (Survey on the Cyber Security Awareness Practices and Habits 2012).
Moran: Which industries or segments are particularly vulnerable or are being targeted?
Burch: Cyber-attacks targeting small business grew 300 percent over last year, in large part because the number of small companies has also grown in recent years. The recent recession actually created millions of new companies (while extinguishing others), many of which are a business-to-business (B2B) model. These B2B companies are often online “at birth” and sell intellectual property, like consulting, to larger companies which makes them highly attractive to the bad guys. Law firms, management consultants, engineering firms and IT/software developers are popular targets.
Moran: What 2-3 things can business owners do TODAY to better protect themselves and their company online?
Burch: Know what you need to protect and use a reliable security solution. According to the National Cyber Security Alliance, one in five small businesses fall victim to cybercrime each year. Of those businesses, some 60 percent go out of business within six months after an attack. One data breach could mean financial ruin. Encrypt information and protect the areas where it’s stored – including cloud – to prevent unauthorized access. Antivirus alone is not enough; today’s solutions scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs. Use a solution like Symantec Endpoint Protection Small Business Edition 2013 to quickly and easily protect information. It installs in minutes with no hardware or special training, protects against viruses and malware, and automatically updates to keep laptops, desktops and servers protected.
Educate your employees. Educate your employees about Internet safety, safe practices on social media channels and the latest threats, as well as implement strong password and mobile security policies. Make clear what steps employees should take if they misplace information or suspect malware on their machine.
Map out a disaster preparedness plan today. Don’t wait until it’s too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
Do yourself and your company a favor and take the necessary steps today to protect your business from online and mobile attacks. My thanks to Brian Burch for providing us with important and valuable information.