Posted by Geraldine Hunt on Thu, May 22nd, 2014
Many IT pros in smaller organisations have a false sense of security when it comes to the robustness of network security at their company. Often they believe that their companies’ data is much more secure than it actually is. Because they have some common misconceptions about security, these businesses have left themselves open to both data and financial loss.
Here are five of those common misconceptions:
1) It’s easy to avoid scams.
Phishing gets more sophisticated all the time. It used to be easier to tell when you were being scammed, but now company employees can be victimized with requests that look completely legitimate. Reportedly, the Target breach had its origin in a phishing email opened by an employee at a small HVAC company that did business with Target. The malware lurked in the HVAC network for two months before moving on to attack the Target network.
2) My employees would never—deliberately or accidentally—compromise confidential information.
According to the Wall Street Journal, half of surveyed companies have experienced at least one data breach by an employee in the past year. And half of employees say they’ve taken confidential company information with them when they’ve left a job.
3) Network security is too expensive.
It’s true that some network security products are expensive and time-consuming. However, if you scan the market you will find email and web security solutions specifically designed to be very robust, efficient, and effective, yet still affordable for small, medium and large organizations.
When deciding on a new network security vendor, it’s important to ask for references in your industry and read lots of reviews from other IT pros. Be sure to ask: How long have they been a client? How has the provider addressed their specific needs? Is the customer service and support responsive and knowledgeable?
A recent Ponemon report says that the likelihood of a company suffering a breach involving more than 10,000 records is 22% over a two-year period. The cost per record in the US for a criminal attack is $246.
4) My business is too small to be a target.
It is often easy for business owners to assume their computer systems are safe from attack because it “won’t happen to my business”. Complacency is a dangerous game when it comes to SMB security. There is also an acknowledgement that, despite a growing awareness of the threats, small firms do not always take preventative action if it is a complex process.
Smaller companies are an attractive target to cyber criminals because they tend to have weaker network and online security. An increasing number of SMBs are now doing business online via cloud services without strong security or encryption technology. To a scammer, this represents masses of sensitive and valuable data behind an almost open door. If the SMB has large multinational or Fortune 500 companies as customers, then it is an even more enticing target and an entry point to larger potential victims.
If you have anything a cybercriminal could conceivably want, such as customer credit card information, client lists, bank account details, or social security numbers, then your business isn’t too small. In fact, 95% of credit card breaches discovered by Visa are of its smallest customers. Criminals find that small businesses are usually more defenseless than megabanks.
Even if you don’t conveniently provide credit card data, your computer can be used to attack other computers, your website can distribute malware, or your server can store hacked information. You can also be used to attack a larger company, as in the Target data breach. Sadly, small businesses are often destroyed by cyber-attacks. Almost two-thirds of victimized companies go out of business within six months.
5) I haven’t been hacked yet, so I’m safe.
Hmmm, it’s quite possible to have been hacked and not know it. And even if you’ve been safe so far, that’s no guarantee of future security. Unfortunately, you’ll probably find out you’ve been hacked after the attack. The recent eBay data breach is all too typical. The breach took place in late February and early March, and has just now been discovered. Small businesses can sometimes take even longer to discover their network has been compromised, giving their attackers plenty of time to steal data and anything else they want.