Smaller businesses have generally operated with very limited investment in information security. Perhaps lulled into a sense of “security through anonymity,” some businesses have decided that investing their resources in security was overkill.
Times have changed.
Hacking in the past was primarily a sport, something done for fun or fame. Today, the threat landscape has changed dramatically with automated hacking tools, sophisticated methodologies for harvesting information, regardless of the size of the information source. Hacking is big business.
What does this mean to small business?
Without trying to sound like an alarmist, by choosing to funnel all of your resources into other areas of your business while operating under the security through anonymity philosophy, you may be risking everything. Consider the amount of proprietary information that is contained on your computer. Multiply that by the number of computers in your company.
Step back a bit more and add in all of the mobile devices and smartphones that contain bits of this information.
One more step back: Imagine how many of these devices are connecting to the company’s server remotely. Now, imagine all of the customer data, personal information, your own company information, intellectual property, patent info, financials, personnel details, government filings; it’s mind-boggling.
The fact is: If you have a business in operation today, regardless of its size, there is vital information specific to your individual business that no other company has. If you’re in business…you have information that someone else wants.
What can you do?
Get educated. Informing yourself costs nothing. You don’t need to become a security engineer, but understanding what the risks are is imperative.
Encrypt your data. This will take some effort, but encryption can provide real protection.
Use anti-malware. Arm all of your devices – and all of the devices that connect to your network – to aid in limiting the risk of infected devices through the corporate system.
Control over access. This is critical. Control access to approved devices that are connecting to your systems.
Ask yourself: Would you hire someone without checking their history and qualifications, and hope for the best?
Would you randomly align with a financial institution or payroll company without researching them?
Why is the security of your company’s information any less important?
Make the investment to learn the risks and areas that your business is exposed. Maintain control over who accesses your information, from where, and when. Think your business is too small now?