Juniper Networks recently commissioned a study on small and medium company network security.
The startling result: Over 90% of US companies reported at least one security breach in the last year, with more than half indicating they experienced two or more significant security problems with their networks.
There’s a misconception among a lot of small business owners that they’re safe from cyber attacks, because small companies offer a smaller payback for hacking efforts.
Small business network security is usually lax
The reality is, security policies and procedures at small companies usually make them an easy and simple target for hackers.
While the payout isn’t as large as hacking TJ Maxx, invading a small business’ network usually takes a lot less effort, and the business lacks a sophisticated response system.
Why is hacking so easy?
A new technique, called spear phishing, lets hackers target a small group of previously identified people. Sometimes, the attack goes after just a handful of people who work at the same company.
Spear phishing does away with the need for hackers to gain access to your passwords. As more companies start to use social media sites such as Facebook and Twitter, hackers using spear phishing are finding it easier to “trick” unsuspecting employees into installing crimeware on their company computers. This crimeware lets the criminals access the computer system directly. Once they have access to one machine on your network, it’s easy to connect to the others.
Recent attacks have highlighted the growing need for companies to implement network security controls to catch the bulk of socially engineered spear phishing attacks.
They also need to take measures to quickly detect and contain security breaches.
The first thing you’ll want to do to protect your business is implement a strong firewall (see Frank’s article on page two) that lets you assign security restrictions for users based on the content of websites, and even keywords that might be potentially dangerous.
The next thing to look at is your company’s acceptable use policy. This can be as simple as a few pages added to your employee handbook that outline what is and isn’t acceptable behavior on your network.
The final thing to examine is your backup and disaster recovery plan. The hackers aren’t giving up, which means it’s time to plan for what comes after a security breach.