When it comes to hacking, it is not just large-scale or global businesses that are at risk – small businesses are equally likely to fall victim to this threat. This danger became very apparent following the Target department store breach in 2013, an event that compromised the information of over 40 million customer credit cards. It has since been discovered that the breach occurred when the computer system of a small refrigeration company near Pittsburgh was hacked. The connection? They were doing work for the Minneapolis-headquartered retail giant Target.
The problem reportedly arose when an employee of Fazio Mechanical Services (the aforementioned refrigeration company) opened an email containing malware, sent by an external hacker. As the company had access to Target’s data network for electronic billing purposes, contract submissions and project management, the malware was able to access and affect Target’s customer data.
This huge data breach has been used as a warning by cyber security consultant Karl Kispert to demonstrate the importance of a tight cyber security policy to IT professionals and small business owners. Kispert hopes to illustrate the risks and responsibilities that smaller businesses have over financial information, and to highlight the fact that business owners need to prepare for the growing potential for cyber attacks.
Kispert explains the general mindset of a hacker when it comes to choosing a victim as follows: “If I’m a hacker, the weakest link is a vendor with few – if any – controls around their IT environment.” Often, smaller companies do indeed have holes in their IT security systems, but Kispert suggests that “small to midsized companies are as at risk as any of the companies you read about in the newspaper.” Perhaps if hacking incidents and data breaches within smaller companies were more widely reported, business owners would be more aware of the risks.
A huge problem with these hacks is that you might not even find out about them until months and months after the incident occurs. Thomas Ryan, enterprise security expert at the global IT company Hewlett Packard, says that it takes up to 240 days, on average, for a company to discover that it has fallen victim to a data breach. Other security experts warn that “no one is immune” to data breaches, especially if their security policy is not watertight. They stress that it is more a case of when you will get breached, rather than if you will get breached.
Unfortunately, due to the constant development of technology, no one is ever really safe from the risks of data breaches. However, there are some steps that can be taken to help minimise the risks.
Here are 5 steps that small to midsized business owners can take to reduce their risk of data breaches:
- Shred or destroy any physical copies of documents that contain sensitive data when you are finished with them. This applies not just to paper, but to hard drives, CDs and flash drives too.
- Ensure that employees have a strong, randomised password that is changed regularly, ideally every three months or more often.
- Install antivirus software, and constantly warn employees not to open emails and attachments from addresses that they do not recognise or trust.
- Install updates to all of your software as soon as they become available. This will help to ‘patch up’ any possible security vulnerabilities.
- Keep your company’s Wi-Fi network completely private. Encrypt it and hide it from the public, and ensure that it has a secure password that is shared only with those who need to know.