While data breaches at big corporations continue to make headlines, cyber attacks against small businesses are quietly on the rise. In 2015, 43% of cyber attacks on businesses worldwide were against organizations with less than 250 employees, up from 18% in 2011, according to Symantec.
“Today, small and mid-sized businesses are getting attacked left, right and centre. They have something very important that the bad guys want, and that’s data,” says Daniel Tobok, CEO of Cypfer Inc., a cyber security and digital forensics firm. “They’re not just after governmental secrets or the big banks. They’re there to steal private information that they can sell on the dark market.”
Small businesses need to protect themselves, but many still don’t believe they are targets, says Greg Kroeker, founding partner of IT/cyber security firm Shield Networks. “When it comes to IT security, they’re very trusting of their employees and they don’t give much thought to what’s out there that might wreck their business.”
That mindset creates infrastructure cracks that cyber criminals are more than happy to exploit. Here’s a look at some of the more common cyber-security gaps and how small businesses can fill them.
Today’s workforce is increasingly mobile, but with that comes heightened security risks. For example, employees installing apps can “create a big security hole in the system because you’re losing control of who has access to what,” says Tobok.
In addition, the “bring your own device” (BYOD) strategy can escalate the problem. “You don’t know what they’re downloading, you don’t know what they’re doing, and you’re completely losing control of your information,” says Tobok.
To mitigate risk, Tobok says employee education “is as important as slapping on firewalls.” Companies can also keep tabs on corporate data from personal devices by creating a separate wifi network for those devices, says Shield Networks’ Kroeker.