The volume of web-based attacks increased 93 percent in 2010, according to the latest Symantec Internet Security Threat Report. Yes, some of the biggest and most common security threats include malicious links from spammers and phishers, hackers who want to crash computers and send malware for whatever reason and thieves who wish to steal customer data and people’s identities. Yes, small businesses need to be protecting themselves against those threats, but there are many security threats that often go overlooked, and often unprepared for. Here are five of those threats, their consequences, and what can be done about them.
- Hijacked Domain Names – This is where a hacker or cybercriminal has redirected your website or domain name to another, malicious website. It could also mean someone transferring your website domain over to them, and then registering it with another host. A quick Google search reveals is a very old security threat, spanning all the way back to 2005. To prevent this from happening, use a good password for your hosting account, make sure the contact information is up-to-date at all times (it looks bad on you if it doesn’t, which could make it hard to get your domain name back if it is hacked), and keep track of renewal dates (once the date is up, someone else could use the name). In the even that your domain name gets hijacked, contact your web host immediately to straighten things out.
- Disgruntled Employees i.e. Threats from the Inside – Whether they are still with the company, or have left, employees need to be trained on security awareness with strict security policies put in place. Take the time to make employees aware of their access privileges and to have them sign agreements that they understand these policies and privileges. Protections especially need to be in place after IT professionals leave your company. In July, a disgruntled IT administrator deleted several virtual hosts at a Japanese pharmaceutical firm, freezing the company’s operations for several days and costing them almost a million dollars. You wouldn’t want to be at risk simply because the IT guy wasn’t happy with his layoff.
- Physical Breaches and Theft – Yes, don’t forget the consequences of someone walking out with your hard drive, tablet, or laptop, whether it be a customer or an employee. Laptop theft alone already accounts for billions of dollars in losses. Keep stationary devices locked to a pillar or post. For the mobile devices, have the data on these devices encrypted, so the thief can’t take it and use it for their own gain. For both types of technology, do a remote data wipe once you find out a device has been stolen.
- Loss of Accountability Over Employee Accounts – You may not realize it, but your employees could be sharing passwords. This tends to happen when someone goes on vacation or maternity leave, and he or she wants to grant access to coworkers to keep things going. Although this practice is mostly harmless, it does make it hard to hold someone accountable in case something does happen. How can you hold someone accountable to a damaged account if five different people have access? To prevent this debacle, either enforce a policy that’s against sharing passwords and accounts, or utilize a cloud office productivity suite such as Microsoft 365. This can not only ensure that each person gets a unique account and password, but can also grant an administrator to see people’s behavior. So, if something does go wrong, you can track down the culprit.
Overall, protecting yourself and your business from security threats is a constant challenge. There’s never a “one and done” solution as threats change, and new threats appear. In the end, it’s better to do what you can now and have a plan in place in case of a security breach, instead of waiting for a security breach to happen before doing something and taking the necessary precautions.