Posted on Thursday, March 20, 2014Blog written by Rob Swenson
Small and midsize businesses have become the primary target of cyber criminals and their increasingly sophisticated arsenal of weapons.
Professional hackers’ attention on smaller businesses is easy to understand:
- Small and midsize firms outnumber big companies.
- They have a lot of valuable information in their computer networks.
- They often lack the staff and resources to adequately protect their electronic assets.
Smaller companies are the targets in about 85 percent of the attacks on businesses, says Chad Knutson, a senior information security consultant. He works for Secure Banking Solutions, a company based in Madison, S.D. that helps banks and other businesses protect data.
Hacking is not as difficult as it might seem, Knutson advised a few dozen business people during his informational presentation. Cyber thieves can buy hacking programs online, just as someone might purchase antivirus software. The bad guys can even buy tech support.
Hacking software often is developed by well-educated men and women, and then sold to others. The money and data that is stolen typically winds up with organized criminals.
Tracking down and catching the wrongdoers is difficult because they often work out of other countries.
Often, businesses that are victimized don’t immediately realize that their computer systems have been accessed by hackers. After hackers get the information they want, they are likely to delete the data to make detection more difficult.
“Obviously they want your money first, but data is also valuable,” Knutson says. Data can be used to create or access other accounts.
“We have to continue to improve our security. What we did five years ago to protect our businesses doesn’t work today. What works today won’t work tomorrow,” Knutson says. “It’s a continuing evolution.”
12 ways to bolster security
The best option for businesses is to take a layered approach to security, Knutson says. Plan a strategy, deploy it, and test it.
Businesses should train employees, for example. Employees should use strong passwords, and policies should be in place to govern their online behavior. Knutson suggests testing employees by sending them a fake email with a link and see who clicks it. That’s how many hackers gain access to company data.
The following are 12 steps that Knutson suggests every business take to protect data. The first 10 steps are based on suggestions from the National Institute of Standards and Technology; Knutson added the last two.
- Use malware protection, and keep it up to date.
- Use a hardware firewall, which helps prevent outsiders from accessing data.
- Use software firewall protection, too.
- Use software patches as they come out.
- Back up important data.
- Limit physical access to computers and data.
- Take precautions in deploying wireless service.
- Train employees.
- Make user accounts unique.
- Limit employee access to sensitive data.
- Encrypt sensitive information.
- Document corporate policies, and hold people accountable to the rules.
SDN can help
SDN offers Managed Services designed to help small and midsize businesses keep their network equipment up to date and data secure. Two of the most relevant services are Managed Firewall Service and Managed Router Service.
SDN has offered Managed Router Service for about five years. The telecommunications company will take over responsibility for configuring, managing and monitoring a subscriber’s routers for a monthly subscription fee. SDN supplies company-owned routers to safely connect a client’s networks as well as replacement parts that might be needed in the future.
Managed Router Service can reduce upfront costs for clients and allow them to focus more attention on their core business operations. Managed Firewall Service operates in similar fashion. SDN provides and maintains the equipment to police cyber traffic and guard access to a client’s information.
The cost of a managed service depends on the level of service desired by a client. Options such as performance reports are available to help clients assess threats and comply with regulations in their industries.
For more information about SDN’s managed services and other business solutions, visit the SDN Communications website.