Business owners: is your cyber security health at risk?
There are two important facts I’d like to point out concerning the cyber security health of the nation. Firstly, the economy consists mostly of smaller businesses, many of which have an online presence. Secondly, the vast majority of small businesses do not voluntarily engage in proactive cyber security activities because such things are either too expensive or complex, or are not considered important.
It doesn’t have to be this way. I have the unenviable task of speaking, on an almost daily basis, with business owners who have suffered a breach, have lost cardholder data, or are suffering the crippling losses associated with cleaning up after a cyber attack. In other words, I can tell you that the bar for cyber security health in many small businesses is very low indeed.
What do these customers have in common? In plain English, here are 6 mistakes that can endanger your cyber security health:
- Believing that everything is fine, without checking it for yourself. This first one is the real sucker-punch.
- Having a poorly written website that doesn’t correctly check what users are entering into web forms. Put simply, this leads directly to hackers stealing your data.
- A poorly integrated shopping cart or payment pages. If not done correctly, this can allow an attacker to intercept your customers’ payment card data, leading directly to card data theft – for which your merchant bank will hold you directly responsible.
- Default or weak passwords on equipment such as wireless access points or network router devices.
- Overexposure of sensitive content, web pages or other access that should not be visible on the Internet.
- Old or out-of-date software or systems. An incredibly basic issue, but still a big deal. Old systems need updating in order to stay secure.
What can you do about it?
Quite simply, whilst sophisticated testing of web sites and networks might be costly, even a basic scan of your web site can point out a wide array of cyber security health issues, just like the ones listed above. These are often painfully easy to correct – a minor web site change here, or a password change there.
Also, why not create some simple checklists that either you or your IT support people can use? These could cover:
- Password policy
- Regular testing of your business web site – find a supplier who can match your budget for this
- An action plan for addressing the findings made during your tests
- A simple operational procedure for ensuring that all systems are being patched and updated
The cyber security health bar is very low for many small businesses. But the good news is that from there, the only way is up.