There isn’t much we do offline, and the same is true for business. Small businesses have embraced online technology for marketing campaigns, document storage, mobile communications, product delivery logistics, building access and financial transactions. Entrepreneurs benefit from the flexibility of being able to implement business technology and communications on a pay-for-use basis rather than being forced to make significant capital investments that lock them into long-term relationships.
With the ease of use enabled by smartphones and wireless connectivity, employees can be self-sufficient, diligently corresponding with customers, sending cost proposals and closing contracts from wherever they are. That hypothetical 24/7 ubiquitous customer service exposes businesses to realistic cyber compromise, however.
Although long (and perhaps optimistically) considered as operating “under the radar” with respect to opportunistic hackers, small businesses are now proving relatively attractive targets. Large businesses have invested heavily in hardening their systems and educating their employees. Small businesses have not.
Security industry reports on emerging trends show that hackers are exercising their considerable toolsets against small businesses. These are four ways that your small business may be vulnerable—and what to do about it:
Under-protected communications channels. Wireless routers are a popular, cost-effective alternative to connecting your network through a hardwire connection. No cable installation needed! Routers are typically delivered by the manufacturer with default credentials (device name and password). Change those defaults immediately! Those credentials can be “sniffed” using free tools and searched online by manufacturer serial number. And, if your employees transmit documents over their home or a public Wi-Fi hot spot, the opportunities for signal jacking, eavesdropping or malware infection multiply inexorably. Use virtual private network (VPN) channels for transmitting confidential information.
Under-protected mobile devices. Smartphones and laptops can be hardened to resist compromise with a few easy measures. Although most smartphones allow only a pathetic four-character password (now we have touch and six characters), make the password less predictable by not repeating the same numeral or using a common sequence (e.g., 1234, the year, your date of birth).
Disable Bluetooth unless you are actively using it: This very chatty technology broadcasts your device information to other devices from at least 30 feet away. (My car’s Bluetooth “discovers” my iPhone sitting on the dining room table from my driveway.)
You have infinite possibilities for passwords on a laptop. Be creative! And your local professional sports team is not considered unique. Use at least 12 nonsequential, alphanumeric characters interspersed with symbols. Enable “find my device” features for smartphones or laptops in case of loss or theft. From an app perspective, remember: If it’s free it’s not a product—you are. Check the privacy reputation for that app to see what information is being transmitted to the developer and his friends in the background.
Under-protected data storage. Encryption may be a partial solution for protecting customer data in case of an actual data breach: Most opportunistic hackers are after a quick snatch-and-grab rather than a protracted effort to decipher documents. Only protect those documents that are confidential—and remember to back up those documents for assured disaster recovery.
Unsuspecting employees. Humans are the biggest variable. Business owners should remind themselves and their staff to question any unexpected message that contains a link. Hover over the sender’s name to determine whether or not a legitimate contact name has been spoofed. I always search unknown URLs for information about possible spam. Discuss recommended guidelines for handling customer information in any format: paper, text, digital or voice.
There are a number of ways to keep up with cybersecurity threats and protect your business:
- The U.S. Small Business Administration has developed excellent material for small businesses, available at sba.gov/cybersecurity.
- Report suspicious activity to the National Center for White Collar Crime, the FBI’s reporting channel, at nw3c.org.
- Check in with your local SBDC consultant, who can help you develop that important cybersecurity parachute.
Jennifer Kurtz is a consultant for the Denver and Pikes Peak Small Business Development Center, an affiliate faculty member of the Information Assurance Department at Regis University and author of the forthcoming Hacking Wireless Access Points.
This was originally published in the fall issue of Business Altitude.