Symantec’s Internet Security Threat Report 2013 lists small businesses as the target of 31% of all cyber attacks in 2012, up from 18% in 2011.
“While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by the fact that many small companies are typically less careful in their cyber defenses.”
These days, all businesses rely and benefit from information technology (IT) like computers, the internet, and even mobile telephones. IT provides huge advantages in efficiency but can also create exposure to some very serious risks. Large businesses have teams of IT people making sure they don’t run into trouble. Small businesses, however, don’t have the same resources and therefore have to choose what they can reasonably address.
Here are four IT risks that small businesses can address easily and without great expense. Start with these and you’ll be in much better shape.
- A hardware firewall appliance can add important protection.
Risk: When you are connected to the internet there is always the possibility that an intruder can gain access to your systems and compromise vital information. Routers and modems offer only moderate protection, at best.
Mitigation: While not foolproof, a separate hardware firewall device provides an additional layer of protection for all your equipment and applications. SonicWall, for example, provides options for added security at a reasonable cost.
- Maintain anti-virus / security software on all your computers.
Risk: Most computers now come with temporary anti-virus software installed, such as Norton or McAfee (Microsoft’s Windows Defender, provided as part of the operating system, has not been adequate). Regular updates to new virus definitions are a must to reducing your vulnerability.
Mitigation: Software and virus definition files must be kept up-to-date. Usually, this means anti-virus software on each of your machines. Some vendors offer “management” capabilities so changes, updates, and upgrades get done without having to visit each computer. There are also services that you can purchase to detect and avoid viruses, phishing, and spam for your whole office. SonicWall and Barracuda, for example, offer these services as optional additions. These only work inside the firewall – taking a laptop on the road still requires anti-virus software installed on that machine.
- Keep your operating system (OS) and other software up to date.
Risk: Despite everyone’s best intentions, software (such as Windows and other applications) is released with bugs. These bugs can allow the bad guys to install software to collect and steal sensitive data such as password or financial information.
Mitigation: Updates and security fixes are regularly released by OS vendors – but they don’t do any good if you don’t install them. Many are not automatic! Get in the habit of regularly checking for and installing security updates.
- Back up your data regularly, and check that it works properly.
Risk: Computers do break down (often at the worst possible time), and you can lose access to your data when that happens. Losing a day of financial transactions is an inconvenience, but losing a week/month/more could bring your business to its knees.
Mitigation: (1) take backups regularly and often; (2) verify the backup as soon as it’s complete (a bad backup does you no good); and (3) keep a copy in a different location from the computer (don’t lose your backup and your system at the same time). It’s often difficult to do this regularly and for all important systems. Consider a comprehensive, automated solution such as Carbonite or Mozy (online backup services) or Barracuda (in-house or online), among others.
There are other things you should be doing (such as protecting your Wi-Fi network from intruders or ensuring that passwords are secured) but the four items described above will address some of the high-priority risk factors. There are many vendors and solutions out there and the possibilities change constantly. The specific software, hardware, or services that you implement depend on your particular situation – review with your IT service provider.Jon Seidel, CMC® EDP Consulting Effective Decisions… Priceless!