Wednesday, October 21, 2015

Smaller Businesses Under Increasing Cyberattack

The latest data breach investigations study by Verizon showed that 71% occurred in businesses with fewer than 100 employees.

Ensuring data security for smaller firms is increasingly a game of 'risk and consequences.' Cyber criminals want personal and financial data and will strike when they want and how they want to get it. The most common consequences for small firms are financial loss, customer disruption and extensive recovery efforts.

Cybercriminals will take customer or financial records, donor or client information and proprietary business information critical to the success of the business.

Their goal may be schemes such as data theft, extorting payment for returning a computing network to a working state or submitting fake invoices for payment.

The question for many businesses is what to do about these threats. Turning the problem over to IT does not solve the problem. Cybersecurity is a team sport involving technicians, management and employees.

The largest proportion of data breaches occur because employees are either not following established data security procedures or lack such procedures to follow. Both of these vulnerabilities are addressable.

Steps as basic as providing employee training can limit cyber risks substantially. Excellent training courses are available via the Homeland Security website, where vendors such as SANS Institute offer their products.

Training will not be enough to tame cybersecurity exposure unless security becomes part of the culture of the organization, i.e., "This is how we do business."

Risk and consequences. Limit the former or expect the latter.