Simple answers for owners concerned about security.
You own a store or other small business and security is keeping you up at night? Let’s get you some rest.
As a security consultant, I am often asked if a system is secure. The truth is, any system is vulnerable given an unlimited amount of resources. Therefore, you must be wondering how I sleep.
Well, I sleep very well because I know how to prevent most attacks.
Security = Cost of Compromise > Gain of Compromise
Or, in layman’s terms:
Security comes from removing the bad guys’ profit.
First, relax. Take a deep breath. Given the above, the solution to computer security is actually easy: increase the difficulty, or decrease the reward. The easiest way to do this is with these three things:
- Keep software upgraded and maintained.
- Use and require password managers.
- Always use cloud backups and secure cloud services for all of your resources and data.
Warning: A regular security audit should be requested for custom, out-of-date, or financial systems, as these present unique problems to secure.
Why is this recommended?
This is a great method for the majority of small businesses to reduce risk without breaking the bank. If you’d like to know more, you can read this section or skip it. Don’t worry, we’ll try to keep the tech jargon down.
The first common threat faced by businesses is a type of attack that uses known security flaws to compromise systems that do not get upgraded. Yep, simply turn on that auto update, and the risk goes away. Be careful: a single out-of-date computer can give access to your entire network.
Another common type of attack we see is the brute force attack on password systems. These attacks deploy programs that try lists of weak passwords, or known password/username combinations, on various types of systems. A password manager prevents this type of attack by allowing you to remember a single password that gives you access to a library of unique strong passwords that you don’t need to remember. CAPTCHA can also reduce the effectiveness of this, but can’t be deployed on all systems.
Lastly, backups save us when things go bad. We hope we don’t need them, but are grateful to have them.
In our experience, most small businesses are not performing these simple tasks, leaving themselves at an increased chance of loss.
If you follow the above recommendations, the majority of computer-based attacks will be defeated. Unfortunately, computer security alone won’t make your business secure, and stopping there would ignore one of the biggest threats.
Imagine getting a call. You pick up the phone and the sound of static greets you. The employee on the other end identifies themselves but is barely audible. They quickly explain that all hell is breaking loose and that the password and username at the office will fix all their problems. Except it’s not who you think it is.
It’s harder to address the problems of “Social Engineering.” These attacks prey on our weaknesses and attack what we don’t think about.
The solutions to this problem can be a bit more complex. Our policies, procedures, and training must work in harmony to ensure people make the right choices.
Information system security experts, like Proper Programming, can help analyze your processes and find these issues.
Our goal for this article has been to inform the small business owner of the risks they face in security. We strive to provide general guidance, assurances and advice that should not excessively burden your business.
If you have any questions, or wish to get a free security assessment, please contact us so we can get you back to sleep.
Disclaimer: In security, and in this article, there is no certainty, only precautions. We encourage you to take appropriate steps tailored to your business to reduce your risk. We can’t offer, imply, or state any warranties or guarantees. Please consider purchasing insurance that can protect your investments.