Locks and Security News: your weekly locks and security industry newsletter
18th September 2019 Issue no. 475
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Cyber risks changing small business landscape
According to new data from Symantec's 2016 Internet Security Threat Report, cyber security attacks are on the rise. But even more alarming is the fact that small businesses have become an even bigger target of these attacks. In 2011, small businesses were only targeted 18 percent of the time. By 2014, that number had scaled to 34 percent. Last year we saw another substantial increase, with small businesses now being targeted 43 percent of the time.
Large businesses are still much more likely to be attacked, but it's clear that the focus of cyber criminals is shifting.
"Symantec's report shows that about 1 in 40 small businesses are at risk of being the victim of a cyber crime. That pales in comparison to the 1 in about 2 large businesses which are targeted every year - multiple times - with a cyber attack," says Joshua Sophy of Small Business Trends. "Still, the report indicates that hackers are indiscriminately choosing their victims. It's not a matter of who they're targeting but what they're targeting ... your money."
Despite the escalating risk of being the victim of an attack, not all businesses are responding in the way they should. According to one survey, published by PwC, 14 percent of executives admit to lacking a concrete strategy when it comes to information security.
We're clearly at a turning point in the modern business landscape. Small business owners and their executives either have to prioritize cyber security and adjust their strategies accordingly or live in constant fear of a devastating attack.
Five Developing Trends in Cyber security
In response to the changing face of business security, many small businesses are choosing to proactively adjust their strategies. Specifically, we're seeing the following trends emerge:
1. Emphasis on Privacy
In an effort to allow multiple individuals and offices to securely access a central network without having to dial into the company's network directly, many businesses are relying on virtual private networks (VPNs) to handle this challenge in a secure manner. And while VPNs are designed to protect businesses, they can sometimes experience leaks. This allows others to track down the company's IP address and potentially expose a vulnerability.
In an effort to tap into the benefits of VPNs without leaking IP addresses, forward thinking businesses are placing an emphasis on security and fixing their leaks before they become bigger problems.
This is just one example of how the emphasis on privacy is growing.
2. Disaster Recovery Planning
"In motorcycle training courses, instructors will tell you that the mindset shouldn't be one of if you have an accident, but when," security expert Danielle Valliere notes. "The same attitude should be taken to matters of information security. Be sure to have a clearly written and distributed disaster recovery plan with detailed information about who takes responsibility for what and which systems need to be addressed first to resume normal business."
As small businesses become more aware of security threats, Valliere's advice is being followed. We're seeing a huge uptick in disaster recovery planning. This is good news and shows a clear shift from where things stood just five years ago.
3. Relevant Employee Training and Restrictions
When most people think about cyber security risks, they picture some guy sitting in his basement halfway around the world with three computer screens running Matrix-like code. And while there are international hackers that can tap into your networks from thousands of miles away, your biggest threat is actually right here at home.
Whether you realize it or not, your employees are your company's greatest threat. Whether purposefully or unintentionally, your employees can wreak havoc on your company's data, networks, and programs. The companies that understand this are establishing additional layers of ground level security.
If you're looking for ways to protect your own business, then you should follow the lead of your peers and start by restricting access. "The fewer people who can access sensitive data, the less likely it is to get stolen," Funding Gates explains. "It's pretty simple- if someone doesn't need access to a certain database to perform the function of their job, there is absolutely no reason for them to be able to access it."
Furthermore, employees should be trained in the basics of digital security. They need to know what actions open the company up to risk, and which actions are preferred. If you have a BYOD policy in place, there should also be some intentional conversation about what information can be accessed on devices.
The final, and perhaps most important, piece of advice regarding employees has to do with password strength. Hackers often find their way into networks and programs just like the rest of us - by typing in a username and password. If you can strengthen company passwords, you can simultaneously mitigate risk.
Encourage employees to create diverse passwords - ones that include upper case letters, lower case letters, symbols, and numbers. Furthermore, require password resets at least once per month. And for an added layer of password security, require unique passcodes for every account an employee has.
4. Outsourcing Security
Many small businesses are taking things a step further and actually outsourcing security to a professional IT services firm or consultant. While this certainly comes at a cost, the investment is far less than what it would cost to deal with an attack.
"Although information security is a stressful matter, consulting with a professional IT services firm instead of trying to handle things in house is a smart move," Valliere says. "Whether you decide to go with managed services or purchase hardware and software through an informed reseller, be sure to consider the level of risk to your vendors and clients as well as budgetary requirements before making a decision.
5. Cloud Migration
The cloud can seem like an abstract concept that's difficult to grasp, but small businesses are becoming more familiar and comfortable with the idea of migrating away from physical servers and towards virtual servers.
One of the primary reasons companies move to the cloud is for security purposes. While it may feel like you're losing some control, leveraging the cloud brings benefits like stronger perimeters and surveillance, controlled access, cyber security expertise, and thorough and frequent auditing.
How Will You Respond?
Thousands of small businesses all over the country are shifting their approach to cyber security by placing an emphasis on privacy, disaster recovery planning, employee training and restrictions, outsourcing security, and cloud migration.
While only time will tell if these efforts help, it's clearly a step in the right direction.
As a small business owner or executive, how will you respond to the increasing threat of cyber attacks? Instead of shriveling up with fear or telling yourself that it won't happen to your company, it's important that you develop a plan. Time is of the essence and it's unwise to delay any longer. What steps will you take?
19th October 2016