Kaspersky Lab says smaller firms are bigger targets for hackers than they believe.
Human error and limited security measures are making it easier for hackers to target small businesses, claims Kaspersky Lab, despite the majority of them believing they are safe.
According to the security firm’s research, three-quarters of SMBs believe they are too small to be of interest to hackers, while 59% believe their information is too insignificant for hackers to target.
But Kaspersky’s senior security researcher, David Emm, said these were misconceptions, and that they put SMBs at greater risk of a data breach.
More details on the findings are set to come, but in the meantime Emm has outlined four key steps businesses must take to safeguard their data:
Stepping stone – "Whether it’s a supplier, a partner or a customer, SMBs tend to have links to other, larger companies. With this in mind, cyber criminals increasingly target SMBs to get information which will enable them to access the larger company’s infrastructure. For example, if the SMB in question is a widget supplier to a big name, a cyber criminal can sneak into their system if insecure and steal information that will make it easier for them to gain access to the larger company’s infrastructure, putting both them and their associates at risk.
"If cyber criminals access enough smaller businesses, their gain could be on just as large a scale [as a hack of a larger company], or ultimately give them enough collateral to access a big organisation directly."
Awareness – "Are SMB employees aware of cyber security? Do they know what to look out for? Phishing / spear phishing and watering-hole attacks are often used to trick staff into giving away confidential information, such as passwords and account details, which could help grant a cyber criminal access to the company’s infrastructure. This could enable the hacker to steal valuable customer and corporate data.
"Another aspect of awareness is the ever increasing use of humans as part of the hacking process. Do you allow the contractor who visits your office each week to connect his USB stick to a company computer? Little do you know, this device could be infected with malware, ready to infiltrate the company’s system and steal valuable information."
Forecast – "Small companies often lack IT support which keeps an eye out for potential cyber threats. It is important for all employees to keep their ear to the ground in terms of recent threats, and to get in third-party vendors and experts to educate their staff so all can keep an eye out for the tell-tale signs.
"Forward planning is also an issue SMBs need to be aware of – do you have a recovery policy in place if you were to be hacked? How would you get your business back to a positive, secure and reputable place? Make sure all employees know they have a responsibility in terms of the company’s IT security."
Educate – "It is vital to make sure all staff are educated on security policies, just as they are on health and safety issues. This is important in all organisations but, in particular, for smaller companies. You need to demystify the issues, explain them in an easy-to-understand manner, use analogies if necessary; create a few simple top tips or do’s and don’ts for staff to follow and place posters including these all over the office.
"This security strategy isn’t a one-off activity; it will need to be revisited on a regular basis to keep up with the security landscape and keep security issues front of mind."