Small Businesses Need Cybersecurity, Too
The F-16 Fighting Falcon is one of the U.S. Air Force’s most efficient and dangerous fighter jets, with a wingspan of 49 feet and a top speed of 1,500 miles per hour. Each jet carries two 2,000-pound bombs, one 20mm multi-barrel cannon, and up to six air-to-air missiles. Yet, as intimidating as these Falcons are, the real-life birds in the sky can be even scarier.
In fact, the FAA requires a special stress test for each new engine design. The test uses compressed air to launch thawed chickens at more than 400 miles per hour into the plane’s turbine to simulate an actual bird strike while in flight. Yes, that’s a real thing. Because despite the power, agility and destructive force of the F-16, the Air Force estimates that about 3,000 bird strikes occur every year, causing nearly $50 million of damage.
The analogy is a powerful one when you apply it to the world of cybersecurity, especially if you’re a small-business owner. Just like the F-16, you face many daily threats to your business, and you’re constantly seeking to mitigate risk. But the very real danger may be the bird you never see coming.
The new age of cyber criminals
If 2016 was the year we all wised up about hacking, then 2017 might very well be the year when hackers get even smarter. That means the list of victims won’t just include the obvious big players, as we witnessed with Target, Home Depot and others the last few years. You may think no one would want to target your small business, but don’t be so confident.
Hackers generally follow the money, and small businesses can be very attractive for many reasons. First, many start-ups and small businesses still maintain a treasure trove of credit card information and other customer identifiers that can lead to big money. Second, many small businesses act as third-party vendors for other large firms, which can be an easy pathway to even bigger chunks of lucrative data. The recent Blue Cross hack here in Kansas City and the aforementioned Target hack are prime examples.
In addition, small businesses are increasingly using mobile and Web apps to deliver their products and services, but added security for these delivery methods is often overlooked by busy business owners. And small businesses often postpone implementing any security measures, so they become the low-hanging fruit for cyber thieves.
What to watch for and what you can do
So, what can we expect this year? Industry experts are forecasting a number of new hacking opportunities, one of which is a renewed targeting of Internet of Things (IoT) devices. While the IoT marketplace is ramping up security precautions, criminals are also finding new ways to use these devices for their own misdeeds.
James Maude, senior security engineer at Avecto, tells TechRepublic that he expects internal threats to increase:
“As organizations adopt more effective strategies to defeat malware, attackers will shift their approach and start to use legitimate credentials and software … The increased targeting of social media and personal email bypasses many network defenses, like email scans and URL filters. The most dangerous aspect is how attackers manipulate victims with offers or threats that they would not want to present to an employer, like employment offers or illicit content … Businesses think threats can be filtered at the perimeter. Be warned that this is not the case. Attackers are aware of how to directly target users and endpoints using social engineering … With an increasingly mobile workforce and threats coming through both personal and business devices and services, the impact of perimeter defenses has decreased. Security needs to be built from the endpoint outwards.”
Nevertheless, I remind our clients that all is not lost. In addition to implementing a robust cybersecurity plan for your company, there’s much you can do right now to keep your small business safe:
- Fireproof your firewalls – Check to ensure everything is up-to-date on all machines in your business.
- Build a better password – I know it seems obvious, but a weak password is truly the breakable link in your line of defense.
- New patches for your OS – Make sure your operating systems are updated regularly, including all applicable security patches.
- Ban the unknown downloads – New rule for your employees: No downloading any file from an unknown sender.
- Secure your mobile devices – Investigate the “remote wipe” capability on all of your company devices, and restrict any passwords from being stored on these devices.
Cybersecurity is no longer just for the big companies. We’re now in a new world where information equals power, and no business – especially not your small business – should take the risk. After all, there are too many birds in the sky aiming for your jet engine.
Jeanette Hernandez Prenger is president and CEO of ECCO Select, a talent acquisition + advisory consulting company, specializing in people, process and technology solutions for our clients. Learn more at www.eccoselect.com, or let her know your thoughts on the Facebook page or on Twitter @ECCOSelectCORP.