Small businesses aren’t immune to cyber crime. In fact, small businesses are a major target for hackers. About half of all security breaches in 2012 targeted businesses with fewer than 1,000 employees. Yet many small-business owners aren’t taking security seriously. Here are three common mistakes you might not know you’re making, and how to fix them.
1. Not implementing a mobile security policy. If your company utilizes a BYOD (bring your own device) policy, it’s imperative that you implement associated security protocols. Allowing employees to access the company network from personal devices that aren’t adequately secured is like hanging a sign inviting hackers to come play in your company’s data playground.
NQ Mobile suggests using an across-the-board mobile security solution even when your employees are using various devices to access your company’s network. These programs typically have an activation code, which can be provided by an IT administrator, and protect devices against malware, spyware, phishing and other malicious files that can be used to obtain unauthorized access to critical areas of your company’s network through an unsuspecting employee’s mobile device.
2. Using cloud-based applications without security precautions. The cloud is one of the best technologies to hit the small-business world in decades. Cloud-based programs put less strain on your physical server space, provide a seamless way to backup your data instantly, and allow your team members to collaborate on projects with ease—and from anywhere.
Cloud-based data centers are convenient for small business due to their scalability—pay only for the storage and services you’re utilizing, with the ability to scale up or down each month to save on costs. Because information stored in the cloud is hosted on a remote server, your security perimeter is expanded beyond the physical constraints of your enterprise.
The potential security concerns can be virtually eliminated by choosing an established, professionally maintained system with 24/7 monitoring and firewall protection, according to leading cloud services provider ProfitBricks. Choose a cloud services provider with an adequate staff of trained security professionals who continuously monitor and protect your data. You should also choose cloud providers who maintain control and ownership of your data.
3. Failing to test third-party applications. As a small-business owner, you’re probably making use of a variety of tools and applications created by third-party developers. Many small businesses simply lack the resources for an in-house development team, and it makes economic sense to capitalize on customizable solutions that have already been developed. About two-thirds of applications used by enterprises are developed externally, and even those developed internally often make use of third-party libraries and components.
While third-party apps are typically created with security in mind, they’re not tested against your company’s specific security protocols. That means you could be introducing vulnerabilities to your network even if you have stringent security measures in place. The most common—and most dangerous—security flaws introduced by third-party apps include SQL injection and Cross-Site Scripting (XSS).
According to Veracode’s State of Software Security Report, 62 percent of applications fail upon first submission to its vendor application security testing (VAST) service. Yet most enterprises fail to implement formal procedures to secure the software supply chain. In fact, only about one in five enterprises have requested a code-level security test from at least one software vendor.
These three security risks are among the most common mistakes small businesses are making today, despite the many solutions available to implement adequate precautions. Many small-business owners are operating under the misguided belief that hackers are targeting major companies, while they’re floating under the radar. But as many small businesses fail to implement stringent security measures, they become an increasingly popular—and easy—target for cyber criminals.
Read more articles on cyber security.
Angela Stringfellow is a freelance writer, social media strategist and complete content marketing junkie obsessed with all things Web, written word and marketing.
Photos from top: Thinkstock, iStockphoto