Protecting against growing cyber threats
It is commonplace to read about large companies such as banks and retail chains being targeted for cyber security intrusions, but what many business owners do not realize is that small- and mid-sized companies throughout the country are being hit by similar cyber attacks.
Businesses of all sizes are regularly being victimized, and most companies don’t have the infrastructure or plans in place to combat these issues. Smaller businesses can be crippled or even put out of business. Here are four key areas of cyber criminal activity and steps that can be taken to limit a company's vulnerability:
Intrusions by Competitors
The troublesome side of business competition sometimes occurs through unethical and even illegal actions by competitors. One common example is 'Black Hat' (bad guy) search engine optimization (SEO) tactics, such as buying negative backlinks to a competitor's site. This usually includes problematic content such as human trafficking or sex sites, malicious links that can cause Google to flag the victimized company in a way that severely diminishes the business in searches, or have the sites de-ranked in Google search results. Small businesses can combat this by maintaining a Google webmaster tools account and regularly updating their site content. These companies should also do regular checks on backlinks using online tools; small business owners can then contact the link holder and ask to have it removed or hire someone to have the links removed.
Theft of Intellectual Property
Intellectual property (IP) theft is quite common in today’s business world, not just in the technology sector, which tends to receive more coverage of these crimes. Many companies have some form of IP, and as a business advantage it's subject to theft. This can come from a current or former employee, a competitor or even a foreign government (particularly where federal contracts are involved). In order to combat IP theft, companies should create logical separation of accessibility to information. Only a limited number of highly trustworthy people, based on background checks and other predetermined items such as position and potentially clearance, should be allowed access to critical IP on a 'need-to-know' basis. Those with access should sign legally binding documents regarding protection of the information. Documents should be encrypted and systems should either disable USB devices to copy materials, or track who does so as a strong deterrent to theft.
Threats to Mobile Devices
It's common for companies to allow employees to use their personal devices for business purposes and to connect to company systems. The proliferation of smart devices comes with great convenience and productivity, but also tremendous risks. Business information can be compromised based on each person's system controls, which are often not up to company standards. The chain of cyber security is only as strong as its weakest link and mobile devices can be wirelessly hacked, or the simple loss or theft of a device compromises data. To help protect against mobile threats, companies should implement a mobile device management mechanism across all devices, not just company provided ones. This could involve encryption and protocols that limit or eliminate the capability of sending attachments. Companies also have to tell employees about the importance of such policies and should have them read and sign documents requiring adherence to company standards.
Security of Client Information
Cyber incursions often pursue client information held by a partner company as a way to take business and undercut client confidence in a partner company holding the information. Cyber criminals can pretend to be a trusted source at the partner company and gather more information. Law firms are examples of businesses that hold a large amount of important client data. It's a good lesson to extend system security to cover client information and also to make certain other companies protect your data with equal vigilance.
All of these cyber threats can be damaging, and some can result in cyber ransom, which has been on the rise. It often starts with demands for small amounts of money that increase after initial payment. Many companies now retain 'White Hat' (ethical) hackers to test systems in order to find and fix weaknesses to improve security before the criminal hackers attack.