This is the mentality of a great many people out there today. The prevailing thought is that cyber-security is only important for big government or large companies. I have heard the following arguments presented as reasons why cyber-security isn’t important for most small and medium-sized businesses.
Turns out, these are completely inaccurate. Cyber-security is important for all levels of business and government. There are tools and security measures that can be put in place for a reasonable cost that can protect all of your company’s vital information. But let’s look at these individually.
My company will not be targeted simply because there are much bigger opportunities elsewhere.
While it is true that there are bigger companies that could be targeted, how much more difficult would it be for them to be attacked? If companies like Microsoft and Target can be attacked, why would you think that your smaller company wouldn’t be attacked? There are levels of sophistication involved in every level, and before these larger companies are attacked, smaller companies are attacked first. If you think about physical theft, we can look at Willie Sutton. When asked why he robbed banks, he replied, “Because that is where the money is.” However, when you look at the majority of theft today, it is 1-on-1, convenience stores, liquor stores or other similar types of establishments. The reason is that the security is much higher on the banking institutions than it is on the other types of stores. Because of this, each and every company should have levels of security to ensure that their doors are locked and a security system is in place.
My company just doesn’t have any information that someone would want to steal.
Each and every company has financial records, employee records, or customer records that would be valuable to any thief. The company financial records could be used to secure financing for some of their illegal activities or could be made public to discredit your company. Employee records, as well as customer records, could be used for identity theft or physical theft of property. These records typically include address, phone, social security number, banking records for direct deposit, and also work history. So if this information was stolen, the thief could know work hours, salary, living situation, banking information, gender and age. Just by looking at employee records, a thief could determine that an individual worked Mondays from 8-5, was single and lived at 123 Main St, then they knew that they could waltz in during those times and take whatever they wanted. Or worse, perhaps a predator knows that a female is single and lives alone. Customer records could offer other resources that the thief could use. If the company has issued credit to this customer, then the thief could have access to all of the company’s credit history. Many times, at the small and medium-sized business level, this credit history is that of the individual. So unless you have an appropriate cyber-security system in place, you are placing your customer’s information in danger.
Finally, since my company is small, the steps that I have already taken are good enough.
I would say that this is great news, but generally not the case. Most small and medium-sized businesses do not have a firewall in place and are not even backing up their data appropriately. They leave data readily available on their desktops or on unsecured flash drives. The majority of their data is not password protected and many times, their computers are not protected either. There are many other steps that need to be taken to protect you, your company, your employees and your customers.