Businesses that don’t consider themselves likely targets of cybercrimes should think again.
Criminals view businesses as prime targets. According to a recent Internet Security Threat Report from information security firm Symantec, 31 percent of all targeted attacks are now directed at those with 250 employees or less, a threefold increase from 2011.
One reason smaller businesses are ideal targets is because they can be used to gain access to other companies. This common practice, when criminals seek alternate pathways to infiltrate larger institutions, is known as “spear phishing.”
Here are five tips that businesses can use to protect themselves.
Solidify your foundation
With a little research and some technical know-how, most business owners can take a number of steps themselves.
- Install a firewall to prevent unauthorized users from accessing your private network.
- Password-protect your Wi-Fi system. Encrypt your data.
- Back up business-critical information at an offsite location.
For more ideas, look at the Federal Communications Commission’s cybersecurity tip sheet. The FCC also offers the Small Biz Cyber Planner 2.0, an online resource to help small businesses create cybersecurity plans.
Educate your employees
The National Cyber Security Alliance, a public education organization, provides a number of tips, including setting clear rules about what employees can install on their work computers and installing spam filters to prevent unwanted and/or harmful emails.
Track available access points
When all employees worked in a central location and used company-provided desktop computers, tracking and securing them was a much simpler task. Today, employees often use their own laptops and smartphones, opening employers to device risks and mobile application risks.
This “bring your own device” challenge may require a mobile device management plan that not only ensures the secure exchange of data between an employee’s device and the company’s systems, but also has the ability to track, control and wipe devices clean if lost.
Consider this fact from Lookout Inc., a mobile security company, when deciding: One in 10 people have had their cellphone stolen.
A typical mobile device management plan can also prevent applications from gaining access to information stored on users’ devices. Some malware steals credit card information and then signs people up for unwanted services. More serious versions may capture bank account access codes.
Invest in “security-as-a-service”
Until recently, the only way to monitor your company’s cybersecurity was to have a team of experts deploy a system onsite — an expensive endeavor. With the advent of cloud computing, businesses can benefit from greater economies of scale and streamlined delivery mechanisms, according to the Cloud Security Alliance.
You probably protect your company’s headquarters with guards, locks and closed-circuit cameras — how are you shielding your data?
Think about the impact on your business if your most valuable information was stolen. It could be trade secrets, formulas or other intellectual property. It could be customer data such as credit card or Social Security numbers. Or it could be the devastating leak of your financial reports or details of an upcoming acquisition.
Some insurance companies are selling so-called data compromise coverage to mitigate the impact of financial losses from data breaches. Given that some states require companies to notify individuals if their personal information is leaked, the reputation risk alone can damage your business. ●
Chris Hetterly is managing director of GE Capital’s Technology, Media & Telecommunications Business. He has been a leader in technology debt finance since the sector’s earliest day, founding the Technology Industry Group for Wells Fargo and co-founding the Defense, Aerospace & Technology Group for Wachovia Securities before joining GE Capital in 2011. For more information, visit gecapital.com/tmt.
Connect with Chris Hetterly on LinkedIn http://linkd.in/19hOYsQ
Connect with GE Capital on Twitter @GELendLease