The names of the companies in the headlines recently for hacks have been the major-league brands of big business: Sony, Target and Home Depot.
But small businesses shouldn’t think for a minute that because the hackers are hunting elephants, they won’t bother snatching up a few meerkats.
According to the Guardian's reporting on a McAfee report, “90% of small- and medium-sized [businesses] in the US do not use data protection for company and customer information.”
That means that with no data protection, many SMBs are sitting ducks. And the biggest threats to a small business’ security often come from within. The Guardian spoke with a company in Chicago to get its take.
Cyrus Walker, CEO of Chicago-based Data Defenders says research shows approximately 80% of security-related incidents occur as a result of employee behavior.
Log-aggregation software known as Security Event Information Management gives a clear picture of transactions occurring internally and externally from the company’s network.
But not everything an employee does will come through a work computer. Much of the ire of law enforcement is directed at firms such as Apple and Google for software updates that make it impossible to gain access to the content of devices that use their mobile operating systems.
Other potential threats include third-party vendors, as was the case in the Target hack, where an HVAC vendor was found to be the source of the retailer’s massive data breach.
Regardless of the reason SMBs have been putting off a tested and thorough security solution, outside forces will soon compel them to comply. President Obama has proposed a 30-day breach notification law, which means SMBs would have to inform the government and customers of their breaches within a regulated amount of time.
Mark Clancy, CEO of Soltra, laid out the best security scenario for SMBs: “Criminals are attacking companies, and the firms are responding without any coordination. If you share information, you can change the proverbial locks on the door so they aren’t pickable,” Clancy told the Guardian. “Every criminal on the planet lives on your street. You can invest proactively and be ahead of the curve, or invest in response to incidents.”