SOI 2015 - Guard Your Data
Little Guys Are Also Vulnerable To Attacks
When operating in the Internet age, execs need to ensure their company’s data – and that of their customers – is safe from ever-present hackers.
High-profile retailers have become the victims of a slew of recent data breaches, with hackers stealing incredible amounts of information. At Home Depot, for example, 56 million customer credit and debit cards were potentially compromised last year. Before that, Target took a major hit, as online thieves swiped data from 40 million of its customers. And, most recently, the federal government even suffered a massive breach in which at least 4 million federal workers’ private information was at risk of being stolen.
But, experts believe, big-name companies and those who frequent them aren’t the only ones who should be worried – the little guys are also vulnerable. “Hackers see small businesses as low-hanging fruit, not as being unworthy of their attention,” says Kai Pfiester, owner of Black Cipher Security.
In fact, a recent study released by Experian Data Breach Resolution and the Ponemon Institute found that 43% of all U.S. companies had experienced a breach in the last year alone. Needless to say, that’s a lot of compromised data. What can you do to avoid becoming the next victim? Here are several steps to take.
Pick Strong Services
For many industry companies – regardless of size – improving data security comes down to choosing Web-hosting services and other online products that are established and trustworthy. “In most cases, if you do choose the right provider, you don’t have to worry about security,” says JP Hunt, vice president of sales and marketing for software developer InkSoft. “There are economy and amateur solutions, but Web hosting is not the place to save money.”
When choosing a Web host, it’s best to find out up front what features are included in a monthly price tag, and what’s not. It’s becoming more common, for instance, for some services to offer separate security packages. These add-ons usually provide frequent virus and malware checks, giving an extra layer of data protection.
Before you agree to any plan, though, be sure to ask if the service automatically contacts you if any suspicious activity is detected. This is a key factor in knowing that you’ve purchased not only a software program, but also a comprehensive service that will proactively inform you if something suspicious arises, rather than solely reacting to hack attempts.
Finally, only go with hosts that guarantee 24/7 phone and Web chat support from technicians, not basic support reps.
Use SSL Certificates
The most common method of protecting online data is to use Secure Sockets Layer (SSL) encryption technology. SSL certificates are like a secret handshake between two servers, ensuring data is transmitted privately. You can tell that a site is using SSL when its Web address begins with “https” rather than simply “http.”
Some SSL certificates will also add a green bar or tiny padlock icon to the browser to show the site is secure. SSL providers will often give out an emblem that can be posted on a website to show off its secure status.
In the past, the trend was only to use such certificates for sensitive pages that require data input because encryption slows sites down, Hunt says, but that’s changing. “It’s getting more exposure now,” he says. “Many consumers are getting concerned about security and asking, ‘Is this website safe?’”
Having a prominently displayed SSL certificate has become a marketing tool, too, according to Hunt. SSL certificates are available through some Web hosts, but also look to digital security companies such as Symantec.
Without question, SSL certificates are critical if you plan to sell promotional items on your website. As customers become savvier, research shows they look for markers to ensure their purchases are safe. As an example, a recent survey conducted by VeriSign showed 93% of online shoppers felt it was important for an e-commerce site to include a trust mark of some kind on its purchase page.
For companies that host their own servers, though, it’s paramount to have a strong, commercial-grade firewall in place to help separate networks from the outside world, says Melissa Minchala, CEO of DataVelocity, a managed IT services and solutions company. The cost will run a business anywhere from a few hundred to a few thousand dollars – but it’s necessary. It’s also a good idea to have centrally managed virus protection software that limits viruses, malware and Trojans from gaining a toehold in your network, she adds.
It’s good to remember, experts say, that the more information you collect, the more you’re responsible for. That’s why it’s a smart strategy to only get client data you need for each deal, while erasing names, bank records and credit card info from past transactions. You should routinely delete old and confidential data completely – not just hard copies, but hard drives as well.
Also, if you use free cloud storage technology – where files tend to float for years – be absolutely certain that all data is encrypted. Even though records might not be physically in your hands, your clients and employees still expect you to protect their information. Create protocols for what types of data your firm puts on the cloud, avoiding placing sensitive data there.
The real key for small businesses is to take note of where all of their data is housed, while measuring what really is important. “Do an inventory of your information and prioritize it and categorize it,” says Richard Kissel, an IT specialist with the National Institute of Standards and Technology. “Then, you’ll have a much greater feel of where you’re going in your business and where the protection needs to be applied.”
And once you have limited the amount of information you collect on clients, it’s important for small businesses to regularly back up their data, both locally and remotely through an encrypted connection, Minchala says. “That way, should anything happen to the hardware, the database or the data in any manner, there are less points of failure,” she says.
Consider secure cloud-based data backup services, like Carbonite or CrashPlan (which will cost close to $1,000 a year), and a Managed Security Service Provider (MSSP) to ensure your system and data are protected, Pfiester says.