In the wake of the Target security breach, where up to 70 million customers’ credit and debit card details were targeted by fraudsters, more and more businesses are looking to strengthen their IT infrastructure and protect their customers, sensitive data and wider company assets in the process. But what should you be aware of as a small business when it comes to getting to grips with IT security?
We have compiled the five IT security facts every business should be aware of, along with some essential advice for enhancing your security policy and safeguarding your website from hackers and fraudsters.
1. It’s not just large corporations that mean big business for hackers
According to a recent survey, some 87% of small businesses experienced a security breach in 2012 alone, meaning it’s not just large companies with huge profit margins that face cyber attacks. Your business’s security strategy should be high on your agenda when it comes to managing and growing your company safely and securely.
Simple measures such as building on e-commerce supported platforms and protecting your hardware and software with regular updates and sufficient anti-virus and firewall protection are basic principles that can be easily implemented to close the loopholes that hackers use as points of entry.
2. Passwords are still the weakest link for businesses
How many times have you heard about the importance of a strong password? Whilst the advice to employ a secure password policy may sound like a broken record, a study published by the Global Security Report revealed that weak passwords still present a major threat to IT security. In fact, 80% of all breaches were due to weak admin passwords!
Enforce a failsafe password policy at both the front and back end of your website to ensure employees and customers do their bit in protecting your site from hacker attack. Make it compulsory that passwords are eight or more characters long, contain a cocktail of mixed case letters, symbols and numbers, and that new passwords are formulated on a regular basis.
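As an added illustration (not code from the original article), the policy above can be enforced on the server at every password change, so that it holds even if a front-end check is bypassed. The 90-day maximum age and all function names are assumptions; the article only says "on a regular basis".

```python
import hashlib
import hmac
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                 # from the article: eight or more characters
MAX_AGE = timedelta(days=90)   # assumption: the article only says "regular basis"

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256, so the stored value is never the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def policy_violations(password: str) -> list[str]:
    """Return the composition rules the candidate password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    return problems

def is_expired(last_changed: datetime, now: datetime) -> bool:
    """True when the password is older than the rotation window."""
    return now - last_changed > MAX_AGE

def change_password(new: str, salt: bytes, current_hash: bytes) -> list[str]:
    """Server-side check on every change; an empty list means accepted."""
    problems = policy_violations(new)
    # Constant-time comparison against the stored hash blocks "rotating"
    # to the same password again.
    if hmac.compare_digest(hash_password(new, salt), current_hash):
        problems.append("same as current password")
    return problems

# Constructed sample data, not real credentials.
SALT = bytes(16)  # fixed salt for the sample only; use a random per-user salt
CURRENT = hash_password("Winter#2013x", SALT)
```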
3. YOU are responsible for preventing data theft
Many businesses may be unaware that it is their responsibility, not that of the payment service they use, to protect their customers’ data from theft and fraud at the point of sale. As an online merchant, you must be aware of the security standards of your home country; many forbid the storage of any sensitive data to prevent merchants becoming prime targets for hackers. Many standards agencies also enforce fines, penalties and even service terminations for the violation of their guidelines.
4. Most malicious attacks come from within
Between 75% and 80% of all malicious attacks come from within an organization, not from an external threat, making it all the more necessary to use ethical hacking services such as security auditing and penetration testing to evaluate your IT infrastructure thoroughly.
Penetration testing is particularly useful: it simulates a hacker attack on your system, identifying the weak links hackers would exploit to gain access to your infrastructure. An internal penetration test can also be used to focus on the commonly breached internally connected systems. Testing your defenses is an essential part of any IT security strategy, and with the right vendor you can toughen up your website and applications accordingly.
5. Staff-related cyber breaches are increasingly common
It’s not just important to take measures online to protect your company and its assets; work must also be completed offline to ensure cyber crime doesn’t become a part of your business’s culture. 57% of small businesses reported staff-related cyber breaches in recent years, making it all the more necessary to be vigilant with new and existing employees. Finding employees you can trust is high on the agenda of any business, and it is becoming an increasingly important factor in IT security regimes.
Employee fraud is extremely common across various industries, but by taking precautions during the recruitment process and successfully maintaining the correct level of data protection throughout your workforce, you can ensure online and offline transactions are processed securely.
Brittany Thorley is a business security specialist who regularly shares her expertise across the web. She actively provides guidance to small and large businesses, providing the latest information on penetration testing and IT security.
Interesting article. There is certainly an increase in the number of attacks by hackers on businesses. These kinds of attacks can present a significant, but uncommon threat that will affect the firm’s productivity in the long run. Organizations should take a disciplined approach towards Web application security that focuses on the common security concerns to mitigate these kinds of threats.
The most common form of social engineering cyber attack is phishing. This is a process where cyber attackers send malicious or infected links to a targeted audience through email, SMS, text or comment and even through phone calls. These calls are focused on persuading the recipient to click on an infected link that would open an unauthorized website or a download which would have a trojan. In any case, the aim is to extract sensitive data and use it to further exploit the recipient’s security network and ultimately extract financial gain, i.e. ransom.