6 Security Threats To Your SMB

According to the US Small Business Administration’s Office of Advocacy, there are nearly 6 million small business employers in the United States. The SMB market faces security threats on par with its enterprise counterparts with the added challenge of limited IT budgets. Cybercriminals and disgruntled employees realize this truth, and they’re all too happy to exploit this vulnerability.

We spoke with two security experts to get a better understanding of the security threat landscape. The following are the top threats your Small Business faces.

Threat #1: External Storage Devices
“Many serious security problems originate by accident,” says Luke Walling, VP of sales and operations at AVG Technologies. “Employees exchange data with their home computers and third parties all the time. For example, USB drives, external hard drives, CDs, or DVDs are common storage media that are subject to infection.” If external storage devices aren’t at least scanned before accessing company networks, malicious software can easily be released unknowingly, causing problems for everyone connected to the network. The solution is education about this threat and the advantages of a managed security solution over the free, unmanaged software many small business rely on.

Threat #2: BYOD (Bring Your Own Device)
This has some similarities to the first threat, with another layer of complexity added. “The work of the IT service provider is complicated by the proliferation of personal devices found inside the business network, broadcasting, and acting as a bridge between the inside network, to the cellular network, and finally to the Internet,” says Dr. Alistair Forbes, general manager at GFI MAX. BYOD security problems aren’t limited to employees only. “Just about anyone entering your businesses brings devices that can potentially infect your network, Perform an inventory of your equipment, and steal credit and debit transaction data from your wireless network.” says Forbes. Not only do small businesses need to be educated about this threat, but they often need help developing policies regarding the devices they’ll support and determining how personal computing devices will connect to their networks.

Threat #3: Phishing Schemes
Traditional phishing schemes, which try to get an employee to open an email attachment or click a link under the guise of confirming a pending delivery or addressing an issue with a bank account, had about a 5% success rate in tricking recipients. “Spear phishing, on the other hand, fools recipients about 19% of the time because it incorporates a vast amount of personal data about the user, which is easily obtained through social networking communities,” says Forbes. “It is difficult to defend against these types of threats because the vulnerabilities are not technology-based, but rather a result of user error.” While no security solution can perfectly thwart the threat of user error, Forbes recommends small businesses use cloud-based antispam and email and web filtering solutions, which reduce spear phishing threats and even in the event of a breach can quickly quarantine and limit the damage.

Threat #4: Unpatched Operating Systems And Applications
According to Verizon’s 2012 Data Breach Investigation Report, more than 90% of successful data breaches required only the most basic hacking techniques. “The one simple commitment that IT solution providers can make is to patch commercial software quickly,” says Forbes. “Automated patching of both Microsoft and 3rd party applications is an important investment in securing organizations from compromise.”

Threat #5: Data Theft
This type of threat is particularly difficult because it’s often an inside job. “Small businesses very seldom have the tools in place to mitigate this very serious threat,” says Walling. Without the proper security systems in place, a disgruntled employee can walk away with your customers’ entire client database, product patents, and other confidential information. “As more businesses move to the cloud, the problem can actually grow as the traditional on-site file server, which managed access rights and audit logs, is replaced by a shared cloud storage service that’s often designed for consumers, not businesses,” says Walling. Educating small businesses on this topic is an essential step to protect them.

Threat #6: IT Equipment Failure
Whether it’s caused by a virus or normal wear and tear, small business servers and workstations are eventually going to fail. “What happens if your business loses all of its data today?” asks Walling. “Or, more common: What if one of your key employees loses access to their computer for a whole week due to a virus or hard drive failure?” The cost goes beyond the cost of replacing the device and gets into the cost of loss productivity as well as the question of the value of any data lost. The solution, according to Walling, isn’t just having a data backup system in place, but understanding each customer’s RTO (recovery time objective). “Most small businesses today don’t back up their data, let alone have a recovery plan in place that can help them not only to restore their data, but to get back up and running in a timely fashion.”

Is your Business doing all it can to protect it self from these threats? Give us a call or send us an email at Outhouse IT, we can help!