A report by security software developer Kaspersky cites that nearly four out of 10 businesses do not know how to deal with targeted attacks. The Identity Theft Research Center (ITRC) also indicates that, just in 2016, there were 980 reported security breaches that compromised millions of user information records.
Mainstream media mostly covered large corporations and governments being involved in such fiascos, but the ITRC list shows that attackers do not discriminate between billion-dollar businesses and small ones. As far as threats are concerned, everyone is fair game.
Small businesses beware
Among the popular threats that are expected to continue to threaten businesses are data theft, distributed denial-of-service (DDoS) attacks, and ransomware. Data theft involves attackers probing system vulnerabilities to try and steal user data. This exposes both internal users and end-users to identity theft. At times, stolen data is also used to compromise other systems, if the same credentials have been used. DDoS attacks render systems unusable by overwhelming the network or server with large amounts of traffic. Then there is ransomware – malware that locks and encrypts computers and data unless a victim pays for the decryption key.
Getting hit by any of these attacks can cost quite a lot. With data theft, stolen records now costs businesses $179 each. An average data breach now costs $4 million. According to a study, downtime caused by DDoS attacks can cost an e-commerce site $40,000 in lost revenue. Businesses risk having an entire office’s data wiped clean from malware and ransomware. While these costs are relative depending on how much business is being generated online, it’s still tough for any small business to deal with such issues.
Aside from monetary costs, among the biggest setbacks from cyberattacks is loss of customer confidence. Winning customer trust is already a tough battle for startups and growing ventures. Losing them because of failure to secure their information can kill the business even before it reaches traction.
Security is a crucial part of the agenda
It is understandable for any organization to give focus on other aspects of the business over security. You already require capital to invest in basic technologies to operate in today’s business environment – computers, tablets, smartphones, networks, and applications. However, security should be a priority, as well, especially if any aspect of your operations is online.
Do not be fooled by the idea that running a simple corporate information website will help you fly under cyberattackers’ radar. Even functionalities like contact forms and even using a popular free CMS like WordPress can be possible attack vectors. These functionalities actually make the site a prime candidate for data theft, and there are several points of failure that an attacker can exploit in order to steal your customer data. Many website owners do not even make website maintenance a daily part of their routine.
It doesn’t take much sophistication for cybercriminals to launch attacks against organizations today. Malware can be automated – meaning bots and scripts can automatically scour and scan for vulnerable websites and services. Hacking services can also be easily found online, while bot networks that execute DDoS attacks can even be rented for less than $100 a day.
Forming a startup security plan
You might be surprised that most aspects of business operations today rely on technology and the internet. Do you have a POS system? How do you manage your books? How do you file taxes? How do you check your bank accounts? With all of these processes relying on technology, it pays to have a plan in place to prevent and respond to threats. Here are some key points in formulating your own startup security plan.
Know where you’re vulnerable. Breaches usually happen through the weakest link of your security system. Know exactly what aspects of your business depends on the internet or other online services, what technologies you use to access them (desktops, laptops, tablets, or phones), and who uses them. This way, you can formulate rules, policies, and standard procedures on how to use them.
Get cloud-based security. If dedicated IT teams are out of the picture due to resource constraints, you can consider outsourcing your security. Cloud-based and self-service security is now available at very reasonable prices. It pays to have your website and information systems portals to be protected from attacks. Web application firewalls that screen malicious threats can now be implemented as-a-service. A cloud security provider such as Incapsula has a cloud-based WAF solution that actually provides DDoS mitigation and performance improvements with more advanced features available upon upgrades. These services provide 24/7 support to help you respond if even an attack eventually happens.
Abide by recommended security practices. If you are using a third-party service to augment your systems (like cloud-based hosting, backup, or payment gateway), make sure that you follow all of their guidelines in securing your system. These services usually have pointers on how to harden access, passwords, and even enabling authenticators to make sure that all activities are only done by legitimate agents. The SANS Instutite offers security best practices, along with training events held in different parts of the globe.
Train your people. No matter what kinds of technologies you implement, a crucial part of the link is the people involved. Many threats and breaches happen because of human ignorance and error. A common way for malware and ransomware to infect computers is through users inadvertently clicking on compromised links and applications. Teach your staff to identify spam and spoofing emails, use anti-malware software on their devices, periodically update and scan their computers, and back their data up.
Secure your company’s future
Security breaches can stymie and even kill a company’s growth. Putting security as part of your company’s overall strategy and operations can helped curb the risk of being a cybercrime victim. There are plenty of cost-effective solutions available today, that it is actually irresponsible not to put security as part of the agenda. Safeguarding your systems can mean securing your company’s future as well.
