Whether your company is a huge organization with thousands of employees and millions of dollars of assets, or a small business with just a few employees and a lower net worth, you are vulnerable to cyber-crime. There are criminals who want to steal your company’s assets, including money, information and strategic intelligence – and in some cases, stop you from operating altogether.
Every year, businesses lose millions thanks to these targeted attacks, in which a criminal hones in on a particular organization for a defined purpose. These attacks differ from opportunistic attacks, which are designed to wreak havoc in general. Consider the two types of attacks like fishing: targeted attacks are like using a pole and hook with a specific type of bait to catch a specific type of fish. Opportunistic attacks are more like fishing with a net. You might catch the big one, but you’ll get a lot of little ones in the process, too.
Most large companies are aware of the fact that they are prime targets, and employ sophisticated systems and knowledgeable experts to try to protect themselves from attacks. However, attacks against small businesses are on the rise: as of June 2012, more than 30% of all targeted attacks were against businesses with fewer than 250 employees, more than twice the number of similar attacks only six months earlier.
Hackers are going after smaller businesses as stepping stones. By breaking into small business internet systems, the criminals can gain access to the large businesses with more assets—and many small companies don’t even realize they are vulnerable.
Big internet security software manufacturers like Symantec Inc, specialize in protecting large information systems, servers and computer networks. Symantec’s business software like the Endpoint protection software specializes in protecting companies from hacking and malicious threats. Companies can buy bundles of 70 or more licences and get all their systems covered. Of course Symantec gives discount coupons for such large orders.
What Makes Small Businesses Vulnerable to Attacks
There are certain areas on your network that make it easier for criminals to gain unauthorized access to your business. These include:
These days, most people are fairly savvy about when to open or click on an e-mail and when to delete it. However, criminals are also becoming more sophisticated, making it more likely that an unsuspecting employee will click on a link, not realizing that it’s effectively opening the door to the criminals. It’s still common, for example, for criminals to use mass mailing worms that are attached to e-mail messages. When the user opens the executable file and allows the worm access to the system, it can access user names and passwords, collect information about the network, infect other machines on the network and lead to additional downloads of other harmful programs that can devastate your system.
Instant message is a popular tool in offices these days, as it allows employees to communicate quickly and efficiently. However, like e-mail, it can be used to spread harmful viruses, malware and worms. In some ways, it’s even more dangerous, because in general you need to know someone in order to send them an instant message, and employees are more likely to open files or links from co-workers or business contacts.
The explosive growth of sites like Facebook, Twitter, LinkedIn and Pinterest has created a fertile playground for cyber criminals. Although these sites have security controls in place, it is surprisingly easy for hackers to gain access to personal information—and wreak havoc—through social media. Small businesses need to keep tight control of social media access.
Many small businesses rely heavily on antivirus software, but unfortunately that’s not always enough. Criminals run their programs against the latest versions of antivirus software, looking for vulnerabilities, and exploit them. It’s important for organizations to have more than just antivirus protection.
While it may not be possible to reduce 100 percent of the vulnerability to attack, you can significantly reduce your risk.
First, it’s important to understand that IT security is a process and needs to be constantly evaluated and updated. What worked even one or two years ago will not work now. Engage the services of experienced professionals to help assess your risk and recommend steps to secure your network and data.
Second, educate your employees on the latest threats and establish policies to reduce vulnerability. Establish strong authentication and password protocols and teach users how to identify suspicious messages in e-mail, IM and on social media. Taking these steps will reduce your risk, and help keep unwanted intruders out of your business.