How to reduce your risk of a cyber security breach
By Lisa Kahn Grossman
According to Chris Collins (R-NY), Chairman of the House Small Business Subcommittee on Health and Technology, nearly 20 percent of cyber attacks are carried out against small businesses with fewer than 250 employees.
Yet, small business owners are often lulled into a false sense of security, thinking that only major retailers, banks and healthcare companies are at risk. For example, the Heartbleed Bug, disclosed in April of 2014, left nearly half a million secure web servers vulnerable to attack, including those used by thousands of small business owners.
My colleague, Jorge Rey, specializes in information security and compliance. He answered the following questions for small business owners looking to minimize risk.
How do I know if my small business is at risk?
Does your company maintain sensitive data pertaining to customer credit card information? How about company records, financial information, budgets, operational reports or data on your suppliers or business associates? Most businesses maintain some amount of sensitive data, and if you are not working to protect it, you could be putting your business at risk.
Are hackers the only threat to data security?
Although a malicious attack is the most commonly discussed threat to cyber security, it isn't the only type your business should watch out for. The following are four common threats to data security:
- Natural disaster: No matter where your business is located, it's at risk of facing a natural disaster. Whether it's hurricanes, tornadoes, earthquakes, fires or floods, any natural disaster can potentially damage your location and destroy your business' physical records.
- Human error or equipment breakdown: Everyone makes mistakes, but occasionally those mistakes can put your company at risk. Accidentally deleting the wrong file, breaking electronic devices, leaving equipment unattended or sending emails containing sensitive information to the wrong people can expose vulnerabilities in your data security system.
- Internal attack: How well do you know your employees? Proper safeguards and internal controls can help to determine if data is being accessed without authorization and can deter employee fraud.
- Malicious attack: Don't think your data is valuable enough to be targeted by a hacker? Did you know most malicious attacks are not targeted? Instead, hackers send out millions of feelers to identify vulnerable systems. Sometimes these hackers are motivated not by financial gain but by the knowledge that they have the ability to hack into and disrupt your company's operations.
How can I minimize risk to my business?
Business owners looking to minimize risk should consider evaluating their operations from a technical and operational viewpoint. A technical review can provide a deeper understanding of an organization's IT weaknesses and exposures. It might uncover issues such as downloaded pirated software, lack of anti-virus protection and bandwidth abuse.
In addition to assessing IT risks, an operational review can identify the areas of your business that have established policies and procedures, measure the effectiveness of those procedures, and compare them to industry best practices to determine if they are adequate. An operational review also can assess how the business' use of technology aligns with its goals and needs.
Is there anything else I can do to protect my company and myself online?
Developing strong and unique credentials for the sites that you log into can help to protect your information online. Consider using password combinations that are unique to each site that you log into and that contain at least one letter, including one capital letter and one lowercase letter, at least one number and at least one symbol and punctuation mark.
Lisa Kahn Grossman is an associate principal in the Entrepreneurial Services department of Kaufman Rossin. She works with entrepreneurs, high-net-worth individuals, and nonprofits. She is a certified QuickBooks ProAdvisor, a licensed Certified Public Accountant in the State of Florida, and a member of both the American Institute of Certified Public Accountants and Florida Institute of Certified Public Accountants.