Is your business protected from a data breach?
As a small-business owner, you might not be the focus of a Target-level event like the one that compromised more than 100 million of that company’s customers, in 2013. But you are potentially the target of smaller-scale threats that still pose a great danger to your business and your livelihood.
“Securing IT infrastructure is often an afterthought for small businesses,” said John Salamone, vice president of SMB Sales at Kaspersky Lab North America. “This is a mistake, especially considering that, according to the National Cyber Security Alliance, one in five small businesses are attacked by a cyber-criminal each year.”
And so, let’s look at three ways that digitally-based threat actors get into SMB data — from outright hacking to point-of sale attacks (and also the in-house human factor in cyber-security). Along the way, we’ll consider ways to stop these threats at your virtual doorways.
3 Threats, 3 Solutions: Stopping Data Loss for SMBs
It’s not just a cyber-thief in a dark room, tapping keys. Cyber-security is a brick-and-mortar, on-site consideration as well. Beyond simply educating workers about phishing and scams, the following three threats, and the response-strategies that can stop them, address key approaches for SMBs.
- Threat: Mobile-device intrusion || Solution: Encryption for laptops, tablets, smartphone. It’s a mobile world, and workers value their work-anywhere capabilities thanks to laptops, tablets, and smartphones. Convenience, however, comes at a price. Companies should institute a personal VPN service on their employees’ mobile devices. A VPN will encrypt the Internet connection — even if it’s a public Wi-Fi spot — so business tasks like e-mail communication, data and file transfers, and Web browsing remain private and secure.
- Threat: Customer information stored in the merchant environment || Solution: On-site point-to-point encryption. If sensitive customer data such as credit card numbers are a target, then SMBs would do well to minimize the presence of that information in their systems. One method is to encrypt everything the business takes in at points of sale. “With a P2PE-enabled device in play, the credit card data is securely encrypted as it is swiped, and it’s passed in encrypted form to the credit-card processor,” explained Nathan Casper, marketing manager at Shift4, in an e-mail. “From there, a token value is handed back to the merchant that stands in place of the real card number, allowing merchants to handle refunds or recurring transactions without exposing them to the risk of holding on to actual cardholder data. This combination of P2PE and tokenization likely would have prevented the breach at Target because there would have been no data in their system for the thieves to compromise.”
- Threat: Rogue insiders and ex-employees retaining access privileges || Solution: Robust identity-and-access management policy. Whether they’re still working for you, or they’ve left, access privileges are a soft spot for SMBs (and all companies). With an IAM system in place, however, an owner or IT manager can quickly revoke all access privileges when it comes to a given employee, current or past.
While cyber-threats are myriad, starting with these strategies — visiting and re-visiting both the basics of your software infrastructure and your employee data-access tools — your business information will be safer. Your customers will thank you for that … and you’ll stay clear of that dreaded 70% club of SMBs, the ones that lost it all due to data loss.
>Next Up: Want to protect yourself and your business from hacking? Then Never Use These 7 Passwords