Think your business is too small for hackers to bother with? In recent years, small businesses have become the target for security and data breaches. Despite that trend, a majority of small businesses are not taking steps to try to prevent a data or security breach.
According to the Verizon 2011 Data Breach Investigations Report, organizations with between 11 and 100 employees reported almost six times as many as organizations with between 101 and 1,000 employees .
For some reason, that number does not scare many small business owners. Eighty-five percent of them said in a new survey, conducted for investment and insurance company The Hartford, that they believe a data breach is unlikely to happen to them. A majority of those business owners also said they are unlikely to put any measures in place to prevent such an attack.
Six in 10 small business owners acknowledge that a data breach would compromise relationships with customers. Additionally, 38 percent said they would have a negative opinion of companies that responded poorly to a breach.
Either these people are very bad at math, or just want to bury their head in the sand. Here are the numbers:
- SIX times as many data breaches as larger organizations
- It’s not going to happen to them
- They are not going to do anything to prevent it.
- 60% say it would affect customer relationships
- 38% say it would affect their relationship if a vendor had a breach
If you are a small business owner that IS scared by these numbers and you do want to put something in place to attempt to prevent it, here are some things you can do.
- Restricting employee access to sensitive data. This may seem so basic, but I can’t tell you how many companies we do audits for where every employee is an Administrator on the server.
- Shredding and securely disposing of customer, patient or employee data. It seems so simple but unless you make it a regular practice, most of this just gets thrown in the regular trash.
- Using password protection and data encryption. Forcing password changes is such a simple process but most companies don’t do it.
- Having a privacy policy. This is an HR issue, not an IT issue but is still relevant.
- Updating systems and software on a regular basis. I just ran a network audit for a company and the last time Windows Update was run on the server was April 2010. (over 2 years ago)
- Using firewalls to control access and lock out hackers. I continue to be amazed at companies that won’t spend $300 on a real firewall because they think the $39 wireless router they bought at Best Buy or Fry’s is good enough.
- Ensuring that remote access to their company’s network is secure. This is not difficult but may require someone with IT and network security experience t configure secure access.
If you need help with any of these items or would just like a free Network Security Audit, give us a call at 619-717-8070 or fill out the form below.