Cyber attacks and hacking instances are becoming all too common in the business world today. Most notably, big companies like Target and Home Depot have dealt with their share of cyber criminals over the past couple years. In the end, one might believe these companies were attacked because of the name or the size and believe that their small or middle market business is safe from cyber criminals. While this notion certainly helps some business owners sleep at night, it may be a false sense of security.
When it comes to most small businesses it’s not always a cyber criminal that you must watch out for. Employees can also do damage that is tough to repair. Even employees who don’t necessarily mean to do any harm can be a cause if they aren’t diligent with usage of company applications, data, or computers. Furthermore, an old employee with an axe to grind could potentially cause problems as well.
One way to mitigate this risk is to be sure you are doing what is necessary to protect your business and your customer’s information. Several security standards exist to help companies in this matter including Payment Card Data Security Standards (PCDSS), the HIPAA Data Security Rule, the Gramm-Leach-Bliley Act, and ISO. All of these standards are out there to help different kinds of businesses achieve the level of security necessary to run a successful business while keeping your data as secure as possible.
Not everyone is required to follow the standards though. Some businesses are 100% required to follow security standard guidelines. For instance, medical facilities must follow HIPAA and vendors who take credit cards must adhere to PCIDSS. However, not every business is a medical facility, financial institution, or accepts credit card payments. This leads to a little bit of a grey area when it comes to security standards for some businesses. Not to mention that third party vendors can also cause disruption whether they follow a standard or not.
We mentioned the Target breach at the beginning of the article. This was one of the most well known security breaches we’ve encountered over the last year, or maybe ever. In the case of Target it was found that a third party vendor was to blame for at least a portion of the attack that was perpetrated on Target’s payment gateways. It’s always important to vet your vendors and ask about their security protocols.
What is also misconstrued is in order to be hacked or be a victim of cyber security you must be targeted specifically by an individual. This is not always true. While this is the case sometimes, there is plenty of malware that simply gets spread around and doesn’t target any one entity specifically. One common version is known as ransomware, which is described as a malware that takes your computer network for ransom and shuts it down until a ransom is paid. Ransomware has no specific enemy, it targets whoever and whatever will let it in, as is the case with many malware instances.
Finally, there are many costs associated with a data breach. Federal and state governments can levy heavy fines and do long investigations into even the most meager of attacks. If your company holds any private information, at all, and you have even a small breach you could be in for trouble and hefty fines. Not only does this take a financial toll on your business it could also disrupt your day-to-day, making it difficult to recover.
In the end, no business is 100% safe from cyber threats. Now, this is not meant to scare you or tell you that you’re going to be the target of an attack, but it should be a notice to those who haven’t done enough diligence into their security measures and protocols. Electronic security is extremely important, now more than ever, and it’s imperative that businesses of any size take control of their own cyber security and reduce their threat of an attack.