What are the Five Biggest Threats to Small Business Cybersecurity?
The businesses of today are far more dependant on computers and technology than were the businesses of yesteryear. Even the smallest business will be reliant on an email account and a presence on social media. In some cases, the business in question simply wouldn’t be feasible were it not for the application of interconnected digital technology.
If your business is reliant on digital technology, then it only makes sense that you should take the associated security threats seriously. Let’s take a look at five of the most egregious.
Nowadays, phishing accounts for the vast majority of cyber-attacks – more, even, than malicious software. The principle behind phishing is simple. The attacker sets up a fake version (a spoof) of a trusted website. He then sends a link to that website as part of a plausible-looking email, typically with the words ‘urgent action needed’ appended into the title. Not noticing the difference, the victim clicks the link and enters sensitive login information into the fake website.
Phishing exploits a vulnerability not in your computers, but in the people who operate them (and thereby form an exploitable part of the system). The best solution to this problem is regular training and robust policies and practices.
A weak password can be easily guessed, and one which remains the same for long periods of time. Ideally, a password should be a string of random characters, including numbers and letters. But there’s a problem here: passwords of this sort are not easily remembered. Google provides a password-storage facility, which will compose virtually unguessable passwords and remember them on behalf of the user. There are various pieces of software that’ll do this job, too.
You might suppose that, because your IT services have been outsourced to a third party, that your risk has been outsourced with it. This isn’t the case, sadly – and it often takes the arrival of a breach for the company to become aware of this. You might be insured against downtime and loss of data, but no against other forms of reputational damage that result from a breach. If you’re heavily dependent on your computer systems, it might therefore be worth investigating the possibility of more specialised cyber security insurance.
The firewalls and antiviruses which protect your business are not fixed. They need to constantly evolve in order to repel a constantly-evolving threat. For example, your antivirus software will need a list of definitions – samples of malicious code that it will scan incoming data for. If it spots something amiss, it’ll intervene. But it can only do this if the definitions list include the malicious code in question.
Fortunately, modern antiviruses update regularly themselves. The same is also true of operating systems like Windows – which must also be kept updated if the system is to remain secure.
Bring Your Own Device policies are immensely appealing for workers who like to be flexible and autonomous. However, they constitute a security risk, in that they allow a back door via which an piece of malicious code could enter your system, undetected. While the advantages of BYOD are tangible, it’s worth reviewing your practices and assessing the risk regularly.