It is the trickle-down effect no small business wants. The big businesses are getting better at locking up their IT, so the criminals are scanning for softer targets. The pickings are still rich:
1. SMEs often have vast collections of credit card data and other valuable information.
2. If they work with larger corporations, their systems could provide a soft target for a backdoor attack on the bigger business.
3. At the very least, SMEs risk their own banking details falling into the wrong hands.
SMEs can present as easy targets because they have less time, money and expertise for security at their disposal. Their only security test might be whether all their computers are running up-to-date antivirus software. That is crucial, but it is just the beginning.
Attacks often begin with a "phishing" email or even a social engineering phone call. Make sure employees know not to open any attachments that are remotely odd. They should also know never to give information like passwords over the phone, whoever they think is asking. (Ideally, passwords should be so complicated they would be hard to spell out over the phone.)
Access points need firewalls. Endpoints and servers need anti-malware. Whitelist sites where employees can download software so that anywhere else is off limits.
And all software should be up to date. If a patch comes out, it’s because there is a vulnerability in your system that might already have been there for a while and is now widely known, so do not delay.
When disposing of old computers, USB sticks or anything else that stores data, get the drill out. Destroy everything. If you do not know how, contract someone who does.
At the same time, think about physical access. Hackers do not just sneak in over the wires. Who can walk up to one of your computers or pick up a loose USB from a desk? Lock down all computers when you are not using them.
What does each employee really need access to? It is not about trust; it is about everyone contributing to data safety. Restricting employees’ access to information they do not need protects them too. No one wants to be the one who let hackers empty the company’s bank account because they double-clicked the wrong email attachment.
What do you expect of employees when it comes to data security? Lay it out in a policy.
A simple policy not only promotes a culture of security but also educates, and education is essential when people are the weakest link in any IT system.
CONTENT CREDIT- Katrina Brennan