By Ally Kutz, contributing writer
Hackers, it turns out, target SMBs with as much frequency as large businesses. SMBs are at the same level for risk of security and credit card breaches as large corporations, according to the New York Times. In addition, the National Small Business Association’s 2014 Year-End Economic Report reveals half of 675 small businesses reported being victims of attacks in 2014, an increase of 44 percent from 2013. Of those companies, 68 percent reported having been hacked at least twice.
“What SMBs need to understand is that every business is a worthwhile and valuable target,” says Kevin Watson, CEO of Netsurion. “What this also illustrates is that cybercriminals are not using sophisticated or ‘new’ methods of attack, so SMBs have no excuse for not using a more comprehensive solution to bolster security and decrease their chances of becoming the next headline.
Watson outlines five frequent mistakes that often lead to credit card breaches for SMBs, all of which IT solutions providers can correct:
- Not Protecting Inbound Internet Traffic. According to Watson, the first thing hackers look for is a way into the business being targeted. Every data circuit and Internet connection needs to be protected by a strong and adaptable firewall in order to protect from any unwelcome inbound traffic.
- Lack Of Control Over Outgoing Internet Traffic. Since many current breaches include software that resides on the network and then attempts to send sensitive data to the hacker’s system through the Internet, Watson suggests that selectively blocking outgoing traffic is just as important as watching inbound traffic. Since no system is capable of completely preventing unwanted malware or viruses, it is important to make sure secure data never leaves the network without the administrator’s knowing.
- Not Protecting On-Site Wi-Fi. Since more and more businesses are offering Wi-Fi to customers, many have come to expect it; but wireless networks have the possibility of revealing sensitive data from systems, especially in a retail environment. Watson suggests that a security strategy is necessary to configure devices in order to meet operation goals as well as protect your business.
- Not Utilizing Two-Factor Authentication. Watson urges that when allowing for remote access to your network, it is essential that it is both restricted and secure. He states that, at minimum, access should be allowed to individual users through a two-factor authentication as well as with strong credentials; he stresses not allowing shared accounts access this way, and logging any remote access activity for an audit trail to be readily available.
- Not Patching Operation Systems As Soon As You Can. Since operating systems are constantly being improved in order to prevent hackers from stealing any data on the network, it is important that SMBs update their systems with the latest security programs and patches, as well as regularly checking for new updates.
Watson says, “Almost every major breach in the last 24 months failed to incorporate at least one of these measures,” meaning that your clients should take note of each of these mistakes and avoid them in order to protect themselves from the possibilities of being hacked.