Cyber criminals can cause problems for even the most powerful of businesses. Multinational companies like Target can be compromised by a piece of malware that sits between the EFTPOS (electronic funds transfer point of sale) and the bank and captures all of the transactions, in plain text and in real time. In fact, this very thing happened during the 2013 holiday shopping season. Hackers gained access to Target’s corporate network through a simple phishing email, and ended up stealing the payment details and personal information of up to 110 million customers. If dedicated hackers can do that to a top-rated Fortune 500 company, what is stopping them from targeting small and medium businesses and not for profit organisations?
SME’s still believe that they are too small to be a target of cyber crime. This is a dumb assumption—you know the saying about making an ass out of “u” and me—and it is a very dangerous way to go about running a business.
Here are a couple of ideas that can alleviate big cyber problems for SME’s.
- Use complicated and unique passwords on everything that is connected to the digital world—hard to do, but essential for your business well-being. This includes VPN and wireless passwords.
- Be very aware of phishing and spear phishing attacks that are designed to deliver malware to your business. Just look at the numbers: A spam email that goes out to one million email addresses only has to have one percent of the recipients click on the link to make it a profitable enterprise. It costs nothing for the criminals to do it, but the returns are astronomical. Like an STD, it is something that can spread at an astounding rate. This tactic will continue to be exploited far into the future.
- Apply any and all updates to operating systems and applications. Some have to be tested, but in most cases they can be applied relatively soon after they have been released. Malware targets the holes in software to get a foothold in your business. The updates patch the holes, making a successful malware attack much less likely.
- Invest in cyber security, as much as your budget can afford. The best firewall that you can afford, the best antivirus you can afford, and so on. Invest in training and, most importantly, talk to the experts, because you cannot do everything yourself. Cyber security is like insurance. It may not seems like you’re getting anything for your money. The investment is intangible until everything goes to the dogs, and then you’ll be glad you had it. (In the case of cyber security, you may never even know what dangers you avoided.)
- Create an awareness program for all users, both internally and to educate your customers. I suppose I harp on about this, but in my opinion, education delivers a better return on investment than anything else when it comes to fighting cyber crime.
- Finally, ramp up your paranoia. Yes, it’s justified. You cannot be paranoid when everyone on the internet is targeting your secrets, your staff and your money.
In my opinion, you are never too small to be a target. The Cyber criminals are after businesses just like yours, and the only way to protect yourself is to understand that they are after you.