A quick Google search for security threats that plague small businesses turns up a vast amount of results ranging from such banalities as hackers to the most outlandish of exaggerations about brand monitoring and diverted funds. To be sure, small businesses are prone to the same weaknesses and vulnerabilities as larger enterprises, but their smaller size, scope and focus are as much of an advantage as a problem.
Here we look at the 10 most serious, current and underreported security breaches that affect the small business sector in Canada:
1. Malware infections that lead to data and productivity losses. Weaknesses caused by poorly configured systems and unpatched applications account for most software infections. Automatic software updates – such as anti-virus files and operating system patches – are often all that’s required to keep up to date with the latest system vulnerabilities. This extends to everything, from the proper installation of voice mail systems to the setup of company e-mail.
2. Malicious breaches that go on indefinitely. Many security vulnerabilities exist for years before being detected, if ever. By adequately monitoring attacks, error logs and changes on the network, small business owners can make informed decisions about investing in security. And when it comes to monitoring, outsourcing to one of hundreds of managed IT service providers makes good business sense.
3. Hijacked domain names. Imagine losing the keys to your house, and powerlessly watching criminals as they make themselves at home in your house. Loss of control over internet properties is a serious business interruption as perpetrators often redirect websites to illicit destinations, and intercept the conversations of unsuspecting interlocutors. Ensuring that Internet domains and hosting accounts are locked down will go a long way towards protecting against this type of (usually ransom-related) crime.
4. Loss of accountability over employee accounts. Shared passwords and accounts are a common occurrence in small businesses. Whether people go on maternity leave or step away for a vacation, the unfortunate practice of sharing access credentials still takes place because it’s convenient. The drawback is that without unique passwords that are only known by their rightful owner, accountability for any actions conducted using the account in question cannot be established. To avoid having someone else make mistakes or cause intentional damage using accounts that aren’t theirs, small businesses must instill a culture of accountability that begins with properly defined and enforced security policies.
5. Insider threats and disgruntled employees. Employees must knowingly be subject(ed) to acceptable use policies, confidentiality agreements and strict security policies to ensure. To prevent against damage perpetrated by employees with too much access, small businesses must ensure that employees are aware of their responsibilities and system privileges by ensuring that everyone is trained on security awareness on an annual basis, and that they all sign documents indicating that they understand the training, policies and agreements.
6. Breaches caused by connecting (from) infected devices. Whether employees connect to work to read their e-mail or plug in an iPod, there is a potential for infection from devices that are or have been outside the relatively safe network perimeter. Any connection to work systems should be done from a dedicated work computer and not one shared by the entire family. Similarly, personal USB devices should be banned in favour of company-supplied ones that come with data encryption built in by default.
