Small businesses are just as much at risk of being breached as larger businesses, but due to budget constraints, they usually don’t have the same high degree of protection as their larger counterparts.
The top three IT challenges facing small-business owners were listed as the cost of needed upgrades, security issues and the time it takes to fix problems, according to the National Small Business Association’s 2013 Small Business Technology Survey. Furthermore, 94 percent of small-business owners said they were very or somewhat concerned about cyber security, while nearly half of small businesses reported having been the victim of a cyber-attack. These attacks result in service interruptions and loss of staff time, and typically cost small businesses thousands of dollars.
Small businesses typically don’t have people on staff with the knowledge to secure their networks. Cyber security has many aspects, such as mobility, bring-your-own-device, compliance and vulnerabilities, and no one security specialist is equipped to handle all areas. Being lax in any one area of cyber security leaves your network open to threats.
According to the survey, 83 percent of small businesses manage their bank accounts online. While that makes life easy, if proper precautions are not in place, it could add up to a great big loss for a small business. For example, did you know that while individual bank accounts are protected from loss that occurs from hackers, business accounts are not? (See BusinessIDTheft.org.) That means if attackers obtain your organization’s banking username and password and access your bank, they could deplete the account. It’s easy for a hacker to do that once your computer has unwittingly been infected with malware such as the ZeuS Trojan. If it happens to your personal account, your bank will reimburse you, but no such protections lie with business accounts.
Losing money from your bank is only part of the loss that could occur from cyber events. If a hacker were to knock your website offline, you could lose potential business, as well as hours of staff time. If you have any patents or trade secrets you’re trying to keep private, an attacker could access that information. And if you allow employees to telecommute, you need to be sure you have proper controls in place that only allow them into your network and keep others out.
If you accept credit cards, you must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). If you get breached, you could get hit with steep fines. All merchants are required to complete an Attestation of Compliance. These self-assessment forms can be difficult to complete if an organization is unsure about what to do, but as a Qualified Security Assessor (QSA), we can make it easy for you.
At Dell SecureWorks, we work with small firms to help implement the security controls they need to prevent service interruptions and breaches. Nobody internally can look at your security issues with a fresh set of eyes. But a security vendor who sells no products and works with small businesses day in and day out can help you see where your risks lie and recommend options to remediate them. We’ll help you complete a risk and vulnerability assessment to assess your network and see where it makes sense for you to implement security controls. We can work with you to identify, quantify and document the probability and severity of various types of threats, and help you mitigate them in the ways that best suit your budget.
A small business will never have all the security controls that a large business has, but if you implement proper measures, your security controls can be just as tight.