Impact of Security Breaches to Small Businesses

Security Magazine ran an article recently about the effects of security breaches on small to mid-sized companies. The author estimated that nearly 60% of small business hit with an attack – or hacking – go out of business in six months or less. That is a staggering statistic. It had us thinking – what is the best practice when addressing network security for a small or mid-sized business?

Before coming up with an approach it is important to understand that these attacks can come from a wide variety of sources. While hacking or malware get a lot of press, there are other sources that can wreak havoc with your company’s bottom line as well.

  • Credit/debit card fraud
  • Internal employee attack
  • Lost paper documents
  • Lost mobile devices, or
  • Accidental disclosure by someone within the company

“Companies don’t often think of all the ways security can become an issue,” said Joe Paquet, Axis VP of Vendor Alliance and Relations. “Even in a small company, not having a policy in place for using and downloading software to company devices can leave a company vulnerable. Making sure that employees understand the risk involved in downloading from the web or how to spot a potential email attack is very important.”

Paquet pointed out a few important steps that can help any small business.

  • Use a secure wireless connection. You can be an easy target without taking the simple step to password protect your wireless network.
  • Update your software. Many small businesses do not actively manage their software updates, which make them vulnerable to some of the most severe security attacks, like ransomware. Anti-virus software is a must, but it is also worthwhile to schedule a security assessment which will help establish a plan to keep you secure.
  • Use a secure connection for receiving/transmitting sensitive financial data. While use of SSL or similar solutions is something our clients are generally well aware of – a security assessment can help ensure that all of your systems are protected. In today’s dynamic IT environment having protection that can flex with your systems is more important than ever.
  • Institute a privacy policy. We recently discussed changes to privacy policy that will affect companies around the world. If your company does not have a policy in place you may be at risk.
  • Back-up. Depending on your business needs there are many options to ensure your company can recover from a security event.

“It is well worth having a formal password strategy in place which adds a layer of protection,” said Paquet. “Putting one in place can prevent headaches down the road.”

Paquet recalls the time his Professional team arrived at a client site for a device refresh. They were shown a sheet posted at the reception desk with all of the company passwords including everything from systems information to desktop login information. The client felt it was easier to leave them posted in case anyone needed them and hadn’t given thought to potential risks, both internal and external, to doing so.

In addition to the steps above it is also important to keep an eye on the more physical element of security. When retiring devices such as laptops it is important to carefully remove software and company data before you let that device leave your premises. Axis can help you be sure your devices are clean which eliminates the risk of security issues as well as software licensing issues.

“The risk of a security breach is quite real but there is a lot you can do to help prevent an issue. And preventing a security breach is less costly than fixing one,” added Paquet.