Blog

Busting the most common small business data security myth

Busting the most common small business data security myth

10/08/2015

Small Business Data SecurityOne of the most commonly believed myths among small business owners (SBOs) is that they don’t need to worry about data security because they aren’t going to be a target. It’s easy to see why SBOs think this way. After all, going after a small business doesn’t seem like it would be nearly as profitable to hackers as going after a big company, like the Target breach from a couple of years ago.

But the unfortunate reality is, small businesses are often easy targets for hackers. The hackers in the in the 2013 Target attack actually got in through a small HVAC company. Hackers know that small businesses don’t have a lot of resources to dedicate to data security – certainly not as many as enterprise organizations. And they will use that to exploit you.

Don’t believe us? Take a look at these two stats from August 2015:

  • 78% of spear-phishing attacks targeted businesses with < 250 employees[1] (Spear phishing is an email that appears to be from someone you know but is actually from a hacker).
  • 1 in every 162 emails sent to companies with <250 employees was malicious.[2]

Scary stuff, right?

So what can you do about it?

 

Get the right systems in place and keep them up to date

At a MINIMUM, you should have a firewall, an antivirus program on all computers, passwords on all computers and programs containing company data, and a system that monitors your outbound internet connections.

But a firewall and an antivirus program installed 2 years that hasn’t been touched since isn’t doing much to protect you from the latest threats. Hackers and threats to your data security are constantly evolving – and your data security needs to evolve with it. Your data security programs need to be regularly updated and constantly running to keep you protected.

If this sounds too expensive and too cumbersome to manage on your own, you may want to talk to your IT company about security as a service. This treats data security services as an always-on, constantly monitored service, generally paid for with a monthly fee. This means your systems should be protected against the newest threats – and a monthly fee is usually more affordable for small businesses than the large expenses that come with replacing your firewall.

 

Educate your employees

Ultimately the biggest threat to your company isn’t an outside attacker – it’s your employees. No, we don’t mean your employees are stealing your data to sell on the black market.

But most data breaches are caused by human error: someone opening a malicious email or clicking a bad link or losing their phone or getting a virus on their work laptop while working at home and bringing it inside your network.

It’s vital for all employees to be trained on data security policies and best practices. Employees must understand what they need to watch out for and why. All it takes is for one employee to click on a bad link for your company’s information to be compromised.

There is never a 100% guarantee when it comes to data security (any vendor who tells you differently is either lying or doesn’t know what they’re talking about) – but with up to date systems and a vigilant workforce, you can get much, much closer.

If you have any questions about data security, please contact us!

New Call-to-action

__

[1] Symantec Intelligence Report: August 2015

[2]  Symantec Intelligence Report: August 2015

   

Subscribe to Our Newsletter

Ultimate Guide to Budgeting for Technology