Although he denied later that he made the remark, the late bank robber Willie Sutton Jr. is widely credited with one of the most self-evident observations in American criminal history. When asked by a reporter about why he robbed banks, Sutton reportedly responded, “Because that’s where the money is.”
In his autobiography, Sutton denied making the comment. He said that he robbed banks because he enjoyed it – loved it, in fact – and attributed the money quote to an enterprising reporter.
I would tend to believe a reputable reporter more than a convicted bank robber. Regardless of the origin of the quote, it inspired a maxim known as Sutton’s Law, which serves in fields such as medicine as a lasting reminder to consider the obvious.
I’m reminded of Sutton’s Law when I see reports about small and midsize companies becoming more popular targets for hackers looking for valuable electronic data. The trend makes sense when you consider that larger companies generally have greater staffing and resources for improving network security. So, hackers increasingly are turning their attention to more vulnerable targets, which in many cases are small and midsize businesses.
Unfortunately, many small and midsize businesses appear to be less aware of the threat. Or maybe they’re aware but don’t know what to do next.
Kaspersky Lab reports, for example, that among small and midsize businesses:
- 35 percent provide cybersecurity training to employees.
- 28 percent have an Internet security policy in place.
- 6 percent fear the loss of customer information.
The Federal Communications Commission offers cybersecurity tips for small businesses. The agency’s suggestions are worth reviewing, even if some of the recommendations seem obvious.
Here, in edited and condensed form, are 10 cybersecurity tips for small businesses offered by the FCC:
- Train employees in security principles. Establish rules of behavior.
- Protect information, computers and networks through such means as having the latest security software.
- Provide firewall security for all Internet connections.
- Create a mobile-device action plan. Install security applications and establish procedures for dealing with lost and stolen equipment.
- Make backup copies of important business data and information on a regular basis.
- Control physical access to computers and create user accounts for each employee. Limit administrative privileges to trusted IT staffers and other key personnel.
- Secure Wi-Fi networks.
- Employ best practices on payment cards and isolate payment systems from less secure programs.
- Limit employee access to data and limit who has the authority to install software.
- Require employees to use unique passwords and to change their passwords every three months.
Security experts at SDN Communications stress many similar security precautions. The company also offers a few additional suggestions.
For example, the SDN booklet, “Cybersecurity Starts with the Basics,” stresses that good cybersecurity starts with planning. And good cybersecurity planning should start at the top level of management in a business or organization.
In addition, establishing and maintaining good cybersecurity practices must be an ongoing priority. Threats evolve. Strategies for dealing with them must change, too.
Small and midsize businesses might not have as much data as their bigger counterparts, but to crooks it’s just as valuable. They go for the payoff.
Like their larger counterparts, smaller businesses have an obligation to protect information about their customers as well as their own data. As the premier regional provider of broadband connectivity and telecommunications services for businesses, SDN has the expertise, products and services to help companies and organizations get started or improve their cybersecurity. For more information, visit the SDN Communications website, reach out through the contact form or call 800-247-1442.
You can receive articles like this one and others to your email. We'll send the latest posts to you once a week. Just use the button below to subscribe.