If you have control of valuable assets, including trillions of dollars of transactions, as The
Society for Worldwide Interbank Financial Telecommunications (SWIFT) does, your company will be attacked. It’s a matter of when, not if, it will happen. That means you need to develop a sophisticated and multi-faceted approach to cyber-security.
Only a few years ago, corporate cyber-security might have been limited to installing the latest software patch—an activity on a par with, say, facilities management.
However, given the increasing number and magnitude of cyber-crimes, as well as new types of threats, cyber-security now requires a coordinated effort between companies, government agencies and advanced academics with cutting edge insights into the future of technology. In a networked world, no one can afford to go it alone.
If you wanted to hack a business, which one would you pick: A Fortune 500 company with a large digital-security budget and a team dedicated to protecting its cyberassets? Or a small enterprise that doesn’t employ a single IT security specialist? Of course hackers are equal-opportunity criminals, but you get my point.
Security breaches at big companies such as J.P. Morgan,Sony and Home Depotdominate the headlines, but safety measures are crucial for organizations of all shapes and sizes. According to the 2012 Verizon Data Breach Report, 71% of cyberattacks occur at businesses with fewer than 100 employees. The average cost of a data breach for those small businesses is $36,000.
We can no longer assume that hackers are solitary figures sitting in basements fiddling with their laptops. They may be members of organized-crime groups or employed by nation states, and they have resources that can destabilize entire companies and countries. These hackers constantly look for Internet vulnerabilities. They break through firewalls, infect machines, and use phishing schemes to gain access through emails to people’s passwords and Social Security numbers. They can then leverage weaknesses in applications to cause a database to output its contents.
So what can the owner of a small business do to defend himself? Here are some tips.
A few years ago I was working with a small consulting firm, and one of our up and coming salespeople left for a competitor. No big deal. It happens. But several months later, the management team noticed a disturbing trend. The company kept losing bids for new business to this very same competitor. It had happened four times in a row when finally we realized that we’d forgotten to turn off the former employee’s network access. He had been logging into our network, stealing our information, and then undercutting us. Read More »