Expert Answers to Biz Questions
Listen in! Pick up some expert advice to a reader's question that we selected from CyberSchmooz.
How Seriously Should Business Owners Take IT Security Concerns?
It’s tempting for a smaller company to look at the current situation within IT and not take it seriously. They may think that cyber-attacks are something that only happens to the big corporations, not the small startup or businesses that few people outside their industry have heard of. Well, yes and no…
The reality is that there are many potential threats from different directions that are possible. It can be someone being malicious or something that happens seemingly by accident that causes a problem for the company. Being a small business, any extended disruption to trade could spell the end of the company, which perhaps gives some indication of the seriousness of IT security and how bad it can get should things go wrong.
Let’s now consider whether top security is important, and if so, what types of threats are worth worrying about?
Is the Threat from Cyber Security Overblown?
For smaller businesses, it depends what sort of industry they’re in and what they’re doing. While your company might still be relatively small, if you’re producing a product that is of interest to other people, they might still notice you.
You don’t need to be a big name to get attention from hackers! They target all sorts of businesses out of boredom, frustration and a host of other reasons. Their motivations don’t have to be financial either – they could disagree with what you offer, the charities you support or something totally random. There doesn’t even need to be a logical reason why a teenage hacker did what they did.
How is a Small Business Vulnerable?
The first way that the business is vulnerable is from within. Employees, approved visitors and anyone else who comes onto the premises could do something to the company network. If the USB ports on computers aren’t secured with software that prevents their use, a virus on a USB flash drive could get onto the network when someone plugs a flash drive in for only a few seconds, which might not even be caught on CCTV.
The second vulnerability is through people trying to access the company’s network if it’s a wireless one. In this case, they could attempt to figure out a username and password combination that will work and get them access. Wi-Fi signals are now strong enough to get through brick walls – plenty of people use McDonald’s customer Wi-Fi access from their parking lots – van dwellers who pop in for a coffee ostensibly do so to make use of their wireless internet access back in their van!
The third vulnerability is from online threats. These could be a hacker on the company’s website that is hosted by a third-party web hosting provider or hackers trying to access the company’s network from afar. Both threats are dangerous in different ways, depending on how much the business either relies on their website for e-commerce sales or if the office can stay operational to provide sales or customer service support, accounting and other important back-office functions.
So-called phishing attacks are based around the idea of an individual pretending to be your business and getting the customer to contact them. It’s is often done by sending an email to the person using your company’s email address or a deceivingly similar one. Such cases are commonly in the news with many banks having difficulties with phishing attacks.
The reason people use phishing is because, once someone believes that they’re communicating online with a business, they let their guard down. If they’re wanting to purchase a product, they’ll willingly give their credit card details and personal information. This opens the door to fraudulent charges on their card. With enough information about your customers, identify theft is another approach where digital thieves will attempt to take out new loans and bank cards in that person’s name.
Whilst phishing doesn’t always directly affect a company, it can hugely affect your customers, which can lead to lawsuits and a complete loss of faith in the brand.
It’s worrying to learn that over 70% of ransomware attacks were aimed at small businesses in 2018. This is usually because they have fewer IT staff to protect them or resolve the issue, making them a viable target.
Ransomware is software that is inadvertently downloaded and accessed, locking the computer’s access. Typically, it encrypts the contents of the hard drive and may get onto the network too. A countdown clock is then shown with instructions how to pay the ransomware creator to decrypt the drive and remove the software.
It can cripple a small business when a computer gets infected. The ransomware files themselves often arrive as part of a file archive or attached to a seemingly legitimate email that an employee unwittingly opens.
Beefing Up Security
In the first instance, you’re probably best as a small business to get security experts to come in and do a security audit on your computer network. This will ensure that it is setup in a secure manner and other procedures are strong enough to avoid the obvious security threats.
Longer-term, it makes sense to have to person in charge of IT take a cyber security course to improve their knowledge in this area. Studying for a masters in cyber security from ECU is an obvious choice, as it will provide a thorough understanding of many aspects of IT security. Taking an online course at Edith Cowan University allows students to keep their day job and study in their spare time.
Given the various risks described in this article, it is evident that small companies are actually more at risk from cyber security issues than their larger counterparts. It is, therefore, necessary to take precautions to protect your business from taking a cyber hit that it cannot survive. This is one area where reacting after the fact can be catastrophic to a business’s survival, especially for smaller companies. Don’t wait to protect your business from cyber security threats, or it may be too late.
Copyright 1995-2019, Idea Cafe Inc. Downloads are for personal use only, not for resale to others, and may not be reprinted in any form without written permission from Idea Cafe Inc.
DISCLAIMER: We hope whatever you find on this site is helpful, but be cautioned that it may not apply to your own situation, or be totally current at any given time. Idea Cafe Inc. and all of its current and past experts, sponsors, advertisers, agents, contractors and advisors disclaim all warranties with regard to anything found anywhere on this family of websites, quoted from, or sent from Idea Cafe. and its related sites, publications and companies. We also take no responsibility for comments published by others on these pages. TRADEMARKS: The following are Registered Trademarks or Servicemarks of DevStart, Inc.: Idea Cafe®, Online Coffee Break®, The Small Business Gathering Place®, Take out Info®, Biz Bar & Grill®, Complaint-O-Meter®, A Fun Approach to Serious Business, CyberSchmooz, and BizCafe.
DISCLAIMER: We hope whatever you find on this site is helpful, but be cautioned that it may not apply to your own situation, or be totally current at any given time. Idea Cafe Inc. and all of its current and past experts, sponsors, advertisers, agents, contractors and advisors disclaim all warranties with regard to anything found anywhere on this family of websites, quoted from, or sent from Idea Cafe. and its related sites, publications and companies. We also take no responsibility for comments published by others on these pages.
TRADEMARKS: The following are Registered Trademarks or Servicemarks of DevStart, Inc.: Idea Cafe®, Online Coffee Break®, The Small Business Gathering Place®, Take out Info®, Biz Bar & Grill®, Complaint-O-Meter®, A Fun Approach to Serious Business, CyberSchmooz, and BizCafe.