Your Small Business is Big Business for Cybercriminals

By | June 3rd, 2014|Uncategorized|

public wifiThis post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Kent Lawson, founder and CEO of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. In 2010, after 12 years of retirement, Kent became interested in Internet privacy and security issues and the vulnerability of wireless communications in WiFi hotspots. He created Private Communications Corporation to protect consumers and corporations from privacy and security breaches on the Internet. PRIVATE WiFi, the company’s first product, protects individuals and business people while using laptops and other mobile devices at public WiFi hotspots.

Do you think your business is too small to have data that’s valuable to hackers? If that’s the case, you may be unknowingly exposing it to cyber threats that could spell disaster for your business. A whopping 42 percent of SMBs said they experienced a cyber attack within the past year, according to the 2013 Risk of an Uncertain Security Strategy study by the Ponemon Institute. Yet, despite that hair-raising statistic, 58 percent of the SMBs surveyed said senior management doesn’t consider cyber attacks a significant risk to their organizations. How’s that for denial?

It’s not surprising that cyber security complacency continues to make SMBs prime targets for cybercrime. Small and midsize businesses are lagging behind in their cyber security efforts, according to Symantec’s Internet Security Threat Report 2014. As a result, SMBs experienced the highest number of targeted attacks overall last year, nearly double the number from 2012. Even worse, those attacks lasted longer than ever.

Granted, it’s hardly a level playing field when it comes to SMBs and cyber security. Smaller businesses may not have a full-time IT staff like larger companies. They might not have a company network or maintain a corporate VPN. To control costs and improve productivity, SMBs may allow employees to use their personal mobile devices for work. But without a strong BYOD policy, the blurred line between personal and professional time opens the door to compromising company data.

SMBs and Mobile Devices: Who’s Minding the Store at WiFi Hotspots?

Nowhere is that security vulnerability more obvious than when employees connect to public WiFi hotspots. Since most WiFi hotspots aren’t encrypted, the data traveling them can literally be grabbed out of thin air. As a result, data theft is rampant. But that threat hasn’t stopped workers from routinely logging into hotspots. A 2013 survey by GFI Software revealed that over 95% of workers admitted using public WiFi connections at least once a week during their commutes to carry out work-related tasks, such as sending and receiving email, reviewing and editing documents and accessing company servers. More than one-third (34.2 percent) reported that they accessed public WiFi at least 20 times per week.

Think of it this way: Every time an employee accesses company information on a WiFi hotspot, the likelihood that your business will be the victim of a cyber attack goes up. For many SMBs, that risk isn’t hypothetical. More than 40 percent of small businesses report that they have been victims of a cyber attack that cost them thousands of dollars, according to a 2013 survey conducted by the National Small Business Association. Have you considered how much a cyber attack could cost your business? For many, the cost was too high: 72 percent of small businesses that suffered a major data loss shut down within 24 months. Make sure it doesn’t happen to you.

These are the simple steps you can take to protect every mobile device that touches your business.

How SMBs Can Secure the Mobile Workplace

  • Make sure to install firewall and anti-malware apps on all mobile devices used for your business, and promptly install app and OS updates.
  • Use strong passwords of upper and lower case letters, numbers and symbols and different passwords for each site. And uncheck the box that automatically saves them.
  • Check before connecting to hotspots with strange names. Watch out for unusual variations in the logo or name of the establishment that appears on the login-page. That could mean it’s a fake hotspot designed to steal your data.
  • Disable features that automatically connect your device to any available network. This will prevent you and your employees from accidentally connecting to a fake WiFi hotspot or a stranger’s computer.
  • Disable printer and file sharing options before connecting to a hotspot.
  • Limit your employees’ access to company data to include only what they must have to do their jobs. Also, make sure all the mobile devices used to conduct business – laptops, smartphones, and tablets – are protected by a VPN. VPNs like PRIVATE WiFi encrypt the data traveling to and from your mobile devices, which makes it invisible to hackers.

Three Ways to Boost Security Awareness at Your SMB

By | May 14th, 2014|Uncategorized|

SMB week_2014Let’s face it: employees can be a weak link in your business’ security. Human error accounts for 80 percent of company breaches, showing that the security industry and businesses have a long way to go to educate employees on security awareness.

In the spirit of National Small Business Week, a time to reflect on the contributions of America’s small business owners, we wanted to share three key ways you can help employees be aware of security risks. It all starts with having a plan in place.

1. Create security plans that fit your SMB’s needs
How should an employee handle a phishing attempt? What are employees supposed to do when a data breach occurs? What workplace topics are appropriate to post on personal social media accounts? The answers to these questions should be available to employees to reference when a security risk arises. It is important to have a social media policy, data breach preparedness plan or processes in place, but many organizations are lacking in this area. According to SocialMedia Today, more than one-third of businesses do not have a social media policy. Additionally, more than half of U.S. SMBs experienced a data breach in 2012, but only 12 percent had a breach preparedness plan in place. The first step in achieving security awareness is creating a prepared and organized security plan.

2. Educate employees and make security plans easily accessible
The next step in integrating security awareness into your company culture is educating employees on how to handle security risks. Training and education are vital to protecting your business from outside – and inside – threats. As the average annual cost of SMB cyber attacks in 2010 was $188,242 according to Symantec’s “Should Small Business Worry About IT Security,” your business cannot afford any weak links in the security chain.

3. Enforce plans, but be approachable
Many employees are nervous to bring up security questions or issues because they are afraid of getting into trouble. Always tackle security awareness and policy enforcement with an approachable attitude. The worst thing that an employee can do is stay silent when there is an issue.

On June 10th, we will be hosting a webinar on how SMBs can better protect against financial and reputational risks. Check out the cyberSAFE webinar blog post for more information and to register! As always, you can let us know what you think about SMB security awareness on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Load More Posts