From The Wall Street Journal
If you wanted to hack a business, which one would you pick: A Fortune 500 company with a large digital-security budget and a team dedicated to protecting its cyberassets? Or a small enterprise that doesn’t employ a single IT security specialist? Of course hackers are equal-opportunity criminals, but you get my point.
Security breaches at big companies such as J.P. Morgan, Sony and Home Depot dominate the headlines, but safety measures are crucial for organizations of all shapes and sizes. According to the 2012 Verizon Data Breach Report, 71% of cyberattacks occur at businesses with fewer than 100 employees. The average cost of a data breach for those small businesses is $36,000.
We can no longer assume that hackers are solitary figures sitting in basements fiddling with their laptops. They may be members of organized-crime groups or employed by nation states, and they have resources that can destabilize entire companies and countries. These hackers constantly look for Internet vulnerabilities. They break through firewalls, infect machines, and use phishing emails to gain access to people’s passwords and Social Security numbers. They can then leverage weaknesses in applications to cause a database to output its contents.
So what can the owner of a small business do to defend himself? Here are some tips.
Think like a bad guy. Ask yourself: Who are my adversaries? Are they after my intellectual property and trade secrets? Do they want my customers’ credit-card information? Or do they view my business as the weak link in some larger application? This exercise can help you see where your vulnerabilities lie and also help you understand which measures you can take to protect your software.
Make sure your code is clean. Many commercial applications use open-source code as components. The National Institute of Standards and Technology’s National Vulnerability Database discloses more than 4,000 vulnerabilities in these components. Security software companies (such as Black Duck Software, of which I am president) can help you identify and fix any problems with your applications’ source code.
Read the full post at The Wall Street Journal.
Lou Shipley is a Lecturer at the Martin Trust Center for MIT Entrepreneurship at the MIT Sloan School of Management.