Is Your Small Business Easy Prey for a Cyber-Criminal?

excerptDonny-300x2251It’s almost becoming an everyday occurrence — a major company being hacked.   And if big companies are falling victims to cyber-criminals, what about small businesses?  Small businesses are easy prey for these unscrupulous folks.  Don’t think it won’t happen to you.

For some excellent advice, I turned to personal security and identify theft expert, Robert Siciliano for advice.

The Small Business Expert:  Robert, first let’s talk about protecting your data in the event of a disaster.  We’ve seen many small businesses have to close their doors because of a natural disaster, and yet if they’d protected their data, that might not have been the case.

Siciliano: Being informed is what it’s all about, you know knowing the red flags to look for, knowing the signs, doing your homework, having systems in place and essentially having a contingency plan. You know the adage if you fail to plan, you plan to fail holds true with all things security.

THE Small Business Expert:  You mentioned a contingency plan.  How do you go about creating one of those?

Siciliano:  Well, it boils down to determining risk.  So if you look at the nature of your business and the risks that you might face, whether that’s from a disaster or theft whether,  internally or externally.  You look at all the different risks that you might face and then from there, you know, you put together a plan to mitigate those risks.  That might involve going out and sourcing consultants that specialize in that or picking up a book or a manual — taking some type of a seminar and determining how to calculate those risks versus the reward and ultimately put together that plan of action so that if something was to go bad you would know how to respond step by step.

THE Small Business Expert:  Okay, let’s go back to the topic of cyber-security.  When major brands are getting hit, how in the world can a small business protect itself?

Siciliano:  That goes back to that contingency plan, putting together a plan of action, bringing in the right professionals and then having the basics in place — having  a firewall, having the right hardware and software. Again knowing what your risks are as far as the data is being protected.  If you’re a retailer establishment or any type of a business that takes credit cards then you have to follow the payment card industry’s standards which means that generally —  annually or bi-annually or semi-annually — you are going through processes in which your data or the security of that data is looked at externally, meaning that somebody is coming in through your network, through a firewall, they are going over your systems, looking for certain systems in place.  It might also mean that somebody is coming inside your facilities and looking at your technology, making sure that everything is secure so that ultimately you fall under the guidelines of the payment card industry standards.  You have penetration testers, these are ethical hackers, good guy hackers, they come in and look at your security and they determine what it is and what it isn’t and then they do what is necessary to ensure that your data is protected by seeking out certain vulnerabilities and then patching any of those vulnerabilities. So there’s a number of things that go into place depending on the size and the nature of your business but ultimately you know you got to do something, the worst thing you could do is nothing.

THE Small Business Expert.   It appears to me that the key is to really stay on top of things.  Just as soon as a new antivirus comes out or some protection these criminals figure out another way around it.

Siciliano:  Yeah, that is correct. So there’s no such thing as 100% security. Security is an ongoing process that involves continually employing people whose job it is to make sure that systems are patched and updated that they are looking for vulnerabilities that they are continually seeking out the bad guys within their systems protecting the systems from that happening in the first place. Again it’s an ongoing process. There’s no such thing as a 100% security and the moment that you think you are secure is when the bad guys attack.

THE Small Business Expert:  You’ve given us great advice. I really appreciate your time and I hope that small businesses will listen and they will act on this advice.

Siciliano:  Yeah, and you know again the best thing you can do is stay on top of this, stay on your toes.   Benjamin Franklin once said that to be safe is never to be secure, which means never resting on your laurels, always being aware.

Sponsored by AT&T