Should I Worry About My Security?

Simple Answers for Businesses Concerned About System Security.

Are you responsible for a store or other small business, and is security keeping you up at night? Let’s get you some rest.

In this article, we will talk about why security is needed, and offer solutions to achieve complete system security.

Why Should I Care About Security?

Compromising your business security can risk the future of your company. It can lead to embarrassing press and a blemished reputation. The loss of information and privacy can affect not only you but also your customers. And we can’t ignore the fact that lawsuits are expensive.

Understanding the Problem…

As a security consultant, I am often asked if a system is secure. The truth is, given an unlimited amount of resources, any system is vulnerable. So you must be wondering: how do I sleep?

Well, I sleep very well because I know how to prevent most attacks. I know it takes a team to succeed. And yes, I come with backup.

How to Know You’re at Risk

Here’s a simple comparison to know if you face a threat.

Secure = Cost of Compromise > Gain of Compromise

Or, in layman’s terms:

Security comes from removing the bad guy’s profits.

Computer Security

First, relax. Take a deep breath. Given the above, the solution to computer security is actually easy. Increase the difficulty, or decrease the reward.

The easiest way to do this is with these four things:

  • Keep software upgraded and maintained.
  • Use and require password managers.
  • Always use cloud backups and secure cloud services for all of your resources and data.
  • Perform regular security audits.

Warning: All financial systems, custom development, and out-of-date systems should receive regular security audits and updates.

Types of Threats

The first and most common threat faced by businesses is a type of attack that uses known security flaws to compromise systems that do not get upgraded. Yep, simply turn on that auto-update, and the risk goes away. Be careful: a single out-of-date computer can give access to your entire network.

Another common type of attack we see is the brute force attack on password systems. These attacks deploy programs that try lists of weak passwords, or known password/username combinations, against various types of systems. A password manager prevents this type of attack by allowing you to remember a single password that gives you access to a library of unique strong passwords that you don’t need to remember. CAPTCHA can also reduce the effectiveness of these attacks, but it can’t be deployed on all systems.

Lastly, backups save us when things go bad. We hope we don’t need them but are grateful to have them.

Another threat, one that is more complicated to deal with, is the denial-of-service attack. These attacks bombard your systems to overwhelm them, thus shutting them down. Due to the resources required, they are seen less often. Except in rare cases of harassment, most businesses won’t face this threat.

In our experience, most small businesses are not performing these simple tasks, leaving themselves at increased risk of loss. And be aware, there are more facets to all of this that are outside the scope of this article.

Regular Security Audits

Let’s start with our recommendation: Perform a security audit. Why?

Because this is a great method for the majority of businesses to analyze, and potentially eliminate, the risk they face without breaking the bank. Getting a system analyst to audit the systems you deploy can drastically drop your risk. And the documentation produced can lead to a better solution that specifically targets your unique business needs and risks. This can be coupled with insurance that can further protect you and your organization from any remaining financial risk you face.

System Security

The majority of computer-based attacks will be defeated by following the above simple steps. Unfortunately, computer security alone won’t make your business secure, and relying on it alone would ignore one of the biggest threats.

Imagine getting a call. You pick up the phone and the sound of static greets you. The employee on the other end identifies themselves but is barely audible. They quickly explain that all hell is breaking loose and that the password and username at the office will fix all their problems. Except the caller is not who you think they are.

It’s harder to address the problems of “Social Engineering.” These attacks prey on our weaknesses and attack what we don’t think about.

The solutions to this problem can be a bit more complex. Our policies, procedures, and training must work in harmony to ensure people make the right choices.

Information system security experts, like Proper Programming, can help analyze your processes and find these issues.

Summary

Our goal for this article has been to inform the business owner of the risks they face. We strive to provide guidance, assurances, and advice that should not excessively burden your business.

If you have any questions or wish to get a free security assessment, please contact us so we can get you back to sleep.

Disclaimer: In security, and in this article, there is no certainty, only precautions. We encourage you to take appropriate steps tailored to your business to reduce your risk. We can’t offer, imply, or state any warranties or guarantees. Please consider purchasing insurance that can protect your investments.