Online security is one of the hottest topics of the Digital Age. Major government agencies as well as large enterprises like Sony, Google and more recently, Citigroup, have made front-page headlines for massive security breaches.
But what many people don't realize is that cyber-criminals find SMBs to easier targets. Although attacks on SMB are less publicized, they occur much more frequently. Reports indicate that during 2010, up to 86% of SMB websites contained vulnerabilities of medium risk level or higher.
A single online security breach has the potential to wreak havoc on a small business. In addition to the possible loss of company data, the unauthorized release of your customers' personal data can send your business into a PR tailspin, severely damaging your brand and crippling your reputation in the marketplace.
Alan Wiasuk, CEO of 403 Web Security (a company that specializes in web security development and testing) identifies three actions SMBs can take to lower their vulnerability level and dramatically reduce the potential for a front-page security breach.
Implement robust password procedures.
Strong passwords are your company's first line of defense. But even though password requirements are simple to implement, many SMBs lack robust password security. Require strong passwords (incorporating minimum length and complexity) and mandate company-wide password changes every few months. Simple passwords can be compromised by automated "guessing", but even more complex passwords can be jeopardized if they aren't changed on a frequent basis.
Review your backup policies.
In today's security environment, it isn't enough to just protect your PCs and network -- you also need to be proactive about securing your data backup system. Online thieves can use backups to recreate your entire system and exploit your data for malicious purposes. As soon as possible, perform a review of your backup policies and procedures, making sure that your system backups are secure and encrypted.
Plan for a system recovery.
Sometimes online attacks are launched for the sole purpose of destroying data. Whether a theft occurs or not, your entire system could be lost simply for a hacker's personal amusement. Protect your small business by creating and updating an actionable data recovery plan.