No matter how small your business, you are a target. As the Target data security breach has demonstrated, hackers will use any means possible to attack large businesses and gain access to their data storage. It now appears the path hacker’s took into the Target customer records was enabled by one of Target’s vendors, and not a vendor involved in processing credit charges, but a heating and cooling contractor.
Hackers view small business, which may have less robust data protection systems, as a tool to gain access to their real objective. Large corporations like Target may have sophisticated network security in place, but they also rely on hundreds or thousands of vendors or subcontractors, many of whom may have access to the larger entities networks or business systems.
For a small business, there exists a real possibility that they could be the means to a breach, like the one involving Target, that could generate millions of dollars of damage liability for the larger entity.
This type of business litigation could sink your company. Even if you are not at fault, commercial litigation to determine your responsibility could become cost prohibitive.
What to do? An ounce of prevention here is worth many pounds of cure. Work with a reputable security consultant and technology firm to create layers of security. Hardware is cheap. Build separate computers or networks to protect your sensitive customer and vendor data.
Constant training and vigilance is also necessary. These threats are relentlessly evolving, and you cannot afford to rely on systems installed two or three years ago. Your staff must understand the risk, especially with email communication, and the danger posed by phishing emails that can deliver malware and infect all of your internal systems.
Source: Forbes.com, “How To Prepare Your Small Business For An Inevitable Data Breach,” Adam Levin, February 13, 2014