Cyber threats to small and mid-sized businesses are on the rise. What can you do to protect your company?
By Charles Tendell
It’s rare to see a week go by without a major news story about a large, nationwide or worldwide company suffering a cyber security breach that impacts hundreds of thousands or even millions of customers, and causes severe damage to a company’s reputation.
What’s less apparent is that countless businesses of all sizes are being victimized on a daily basis by this type of intrusion and cyber threats. While larger companies receive the press attention and also have resources to survive and combat most cyber threats and attacks, it’s smaller businesses that can be crippled or even put out of business. Here are four major areas of cyber crime and steps that can be taken to limit a company’s susceptibility to each category of cyber threats:
Competitor Financed Intrusions
The ugly side of business competition can raise its head through unethical and even illegal actions by competitors. One common example is ‘Black Hat’ (bad guy) search engine optimization (SEO) tactics, such as buying negative backlinks to a competitor’s site. This usually includes problematic content such as human trafficking or sex sites, malicious links that can cause Google to flag the victimized company in a way that severely diminishes the business in searches, or have the sites de-ranked in Google search results. Small businesses can combat this by maintaining a Google webmaster tools account and regularly updating their site content. These companies should also do regular checks on backlinks using online tools; small business owners can then contact the link holder and ask to have it removed or hire someone to have the links removed.
Intellectual Property Theft
Intellectual property (IP) theft occurs across all sectors of the economy, not just technology companies that tend to receive more coverage of such cyber threats and crimes. Many companies have some form of IP, and as a business advantage it’s subject to theft. This can come from a current or former employee, a competitor or even a foreign government (particularly where federal contracts are involved). In order to combat IP theft, companies should create logical separation of accessibility to information. Only a limited number of highly trustworthy people, based on background checks and other predetermined items such as position and potentially clearance, should be allowed access to critical IP on a ‘need-to-know’ basis. Those with access should sign legally binding documents regarding protection of the information. Documents should be encrypted and systems should either disable USB devices to copy materials, or track who does so as a strong deterrent to theft.
Mobile Cyber Threats
It’s commonplace for companies to allow employees to use their personal devices for business purposes, and connect to company systems. The proliferation of smart devices comes with great convenience and productivity, but also tremendous risks. Business information can be compromised based on each person’s system controls, which are often not up to company standards. The chain of cyber security is only as strong as its weakest link and mobile devices can be wirelessly hacked, or the simple loss or theft of a device compromises data. To help protect against mobile threats, companies should implement a mobile device management mechanism across all devices, not just company provided ones. This could involve encryption and protocols that limit or eliminate the capability of sending attachments. Companies also have to tell employees about the importance of such policies and should have them read and sign documents requiring adherence to company standards.
Theft of Client Information
Cyber incursions often pursue client information held by a partner company as a way to take business and undercut client confidence in a partner company holding the information. Cyber criminals can pretend to be a trusted source at the partner company and gather more information. Law firms are examples of businesses that hold a large amount of important client data. It’s a good lesson to extend system security to cover client information and also to make certain other companies protect your data with equal vigilance.
The cyber threats noted can be highly damaging and result in cyber ransom, which has been on the rise. It often starts with demands for small amounts of money that increase after initial payment. Many companies now retain ‘White Hat’ (good guy) hackers to test systems in order to find and fix weaknesses and improve security.
About the Author
Charles Tendell, a cyber security expert and master at discovering and stopping cyber threats, is Founder and CEO of Azorian Cyber Security (http://azoriancybersecurity.com) in Colorado. His email is Charles@Azoriancybersecurity.com.