Cyberattacks can hit businesses of any size, causing catastrophic damage to a business's finances and to the integrity of its information security. Hundreds of breaches occurred at large corporations during 2011, affecting over thirty million sensitive or confidential records. Hackers went after Sony, NASDAQ, and other giant businesses, but small companies are also vulnerable to attack. According to a report in the Business Journals, as many as eighty-five percent of small business owners do not see cyberattacks, which may include hackers or malicious software, as a serious threat. Heightened security at these big companies, though, could lead hackers and other cyber criminals to focus their attacks on smaller businesses that may not be as prepared.
Guarding against cybercrime is simply good business for small companies. A hacker targeting a small business can cripple the business or even force it to shut down with a very simple series of hacks or viruses. A cyber criminal who targets a small business's banking system could empty the business's cash reserves and leave it unable to operate. A hacker who compromises a business's confidential client data could expose the business to enough liability to put it out of business.
The "Common Sense Guide to Cyber Security," published by a coalition of government agencies and organizations, including the Federal Emergency Management Agency and the U.S. Chamber of Commerce, offers a set of security practices small businesses can use to protect themselves from cyberattacks. After an initial setup period, most practices involve simple daily maintenance and monitoring.
Risk Management Planning. Businesses should carefully assess the risks and weaknesses in their computing systems to see where protection is most needed. They should prepare contingency plans in case a breach or loss occurs, including how to continue business operations with alternate computing systems or at an alternate location.
Access Control and Accountability. A business's network security plan should include access controls that limit who may access critical systems and information. A single department or officer should have responsibility for information security and for approving new hardware and software, thus ensuring accountability for decisions and errors. At the same time, a business should educate all employees and officers as a means of creating a "culture of security." All employees should sign an agreement committing to the company's cybersecurity policies.
Firewalls and Other Security Measures. Firewalls can protect businesses from many common attacks, particularly from viruses and malware. Companies should also encourage the use of complex passwords that combine upper- and lowercase letters, numbers, and other symbols; that avoid common words and phrases; and that are changed at least every three months.