10 Reasons Why Your Business May Not Be Secure

The first step in planning for a technology disaster is acknowledging that it could actually happen to you. Part of that process involves identifying areas in which your business is disaster-prone.

According to an AMI Partners research report, 99% of small businesses have experienced some degree of a security breach—half of them had private knowledge stolen and 82% of them were bombarded with DoS attacks. As adverse as these statistics may seem, they aren’t the least bit surprising. In fact, they’re fairly typical. The unfortunate truth is the average business owner isn’t fully aware of the many weaknesses that make his or her company susceptible to disaster events. Being a titan of industry isn’t all about driving in profits—you have to know how to prepare for and deal with life’s many curve balls.

Below is a list of 10 reasons why your business may not be secure. If any of them apply to you, then it’s paramount that you take action now!

1. A lack of protection from internet threats. Some of the most common technology disasters are the results of online attacks. These types of intrusions typically come in the form of malware—computer viruses, spyware, Trojans and the like. If you don’t have formidable malware protection software installed on all of your internet-connected devices, then you’re automatically at risk!

2. No backups of critical data. Not every disaster is preventable, which means one day you may have to accept the loss of primary data. The importance of having all of your company’s information backed up (preferably somewhere external from your main base of operations) cannot be emphasized enough. If the hardware bearing your most critical data were destroyed in an accident, would you be ready to handle such a loss?

3. No video surveillance on your property. The US Bureau of Justice Statistics reports that roughly 75% of all crime in the US is property crime. A small business may not be in dire need of surveillance equipment fresh out of the gate, but the more your business grows the more interest criminals will take in what you have to “offer”.  Don’t put off the importance of keeping an eye on your property, or one day you may wish that you ranked it higher on your to-do-list.

4. Being untrained in operating surveillance equipment. After reaching an all-time high of 168 in 2007, the average number of surveillance installations per dealer/integrator has been slowly declining. Even more astonishing are the dozens of research reports that claim video surveillance has little to no positive impact on crime. Don’t be so quick to make an extrapolation here—the truth about surveillance cameras is that they’re often ineffective because companies have no idea how to capitalize on them (let alone operate them effectively). You can drop some cash on getting the equipment installed, but if you don’t invest in learning how to use surveillance to actually prevent property theft, then you won’t accomplish anything.

5. No limitations on Wi-Fi access. Anti-malware software isn’t all you need to protect your business from online intrusions. If you have a lot of guests filtering in and out of your building—or maybe your employees take lunch breaks at the computers—then you should ensure that your Wi-Fi access requires a password and is limited to certain websites.

6. Failure to take out insurance policies. There’s no getting by without insurance in today’s business world. When disaster strikes, you’ll be naked in the cold if you don’t have two particular types of insurance policies: property insurance and business interruption insurance. The former will cover most of the costs of damaged or destroyed equipment, and the latter will mitigate most of your income loss if your business is forced to shut down temporarily.

7. Employees not educated about your disaster plan. If you already have a disaster plan, that’s great. However, if your employees aren’t well-versed in its architecture and execution, then its benefits will be very limiting in the event of a crisis. Take the time to hold a meeting to discuss your plan with your workers so that not only can they learn about its critical components, but so they can also offer feedback and advice on how to adapt it to perfection.

8. A lack of data encryption. While having backups of all your data is critical, it’s just as important to protect your primary information. A growing business has a lot of incoming and outgoing data flowing through it—you’ll want to ensure there isn’t any unauthorized access, use of, or alteration of your data. The best way to do this is to implement data encryption into your system.

9. Failure to conduct regular security audits and IT assessments. Simply said, you need be up to date with your IT infrastructure at all times. This involves conducting regularly scheduled audits and assessments. Take inventory of all your hardware, update any outdated software applications and work with an IT expert to assess any possible security threats.

10. Using only one password for your entire system. A lot of people tend to overlook this one. If you have a one-shot password for everything in your system, then it will only take one leak for your network to become compromised. Create multiple, complex passwords for each component of your system.

The above list constitutes some fairly typical errors that many businesses fail to address, which means you shouldn’t sweat when dealing with them. Consider them as fundamentals—once they’ve been properly addressed and handled, you can work on designing an intricate technology disaster plan to protect your most precious assets.

References:

[1] http://www.ami-partners.com/index.php?target=products&product_id=2065 (Retrieved 5-10-2012)
[2] http://www.securitysales.com/files/ssgb11video.pdf (Retrieved 5-10-2012)
[3] http://www.youarebeingwatched.us/about/182/ (Retrieved 5-10-2012)