Cyber criminals have set their sights on small businesses. Over the last five years, there has been a steady increase in attacks targeting businesses with less than 250 employees, reports Symantec in its “2016 Internet Security Threat Report.” Symantec points out that the number of spear phishing campaigns against small businesses, in which an attacker tries to exploit an organization by sending an infected document attached to an email, grew each year from 18% in 2011 to 43% in 2015, although many of the attacks were directed to fewer organizations.
The report concludes that 1 in 40 small businesses are at risk of being the victim of such a cyber crime. That figure still is much less than the 1 in about 2.7 large businesses that are targeted every year with multiple spear fishing attacks. However, Symantec says the numbers indicate that businesses of all sizes are vulnerable and that hackers are just playing the “long game” with larger companies.
In part, because they have smaller IT budgets and so spend less on cyber security; small businesses may be more vulnerable to the growing risk of cyber crime. In 2015 Symantec discovered more than 430 new unique pieces of malware, up 36% from the year before. Still, the increase in spear fishing attacks directed at small businesses clearly shows that these attacks are intentionally directed at smaller organizations, Symantec points out.
Since all businesses are vulnerable to attacks, being aware of the potential threat is critical. To minimize risks, every small business team member needs to do their part to protect company and customer data. Security measures should include:
Create strong passwords: A strong password should be at least eight characters and include a combination of upper and lower case letters, numbers and symbols. Also passwords should be changed every 90 days at a minimum.
Put up a firewall: Firewalls protect network traffic and can stop hackers from getting data by blocking certain websites. Small businesses also can program a firewall to restrict what company data and emails can be sent.
Install antivirus software: Antivirus and anti-malware software programs should be installed and kept to date with the latest versions that include protection against new malicious programs.
Encrypt data: Encryption software can be used to alter information into unreadable code to protect financial information and customer data.
Protect mobile devices: Users should be required to password protect their mobile devices, encrypt their data, and never access proprietary company data over public Wi-Fi. Company cyber security guidelines also should include instructions for reporting lost or stolen equipment. Installing remote wipe apps that delete data from a mobile device after a pre-specified number of failed log-in attempts or moves outside of a defined geography is another precaution to prevent data compromise.
Update browsers: The latest browser versions should be installed to avoid watering holes, which is malicious code installed on trusted websites. .
Secure the Wi-Fi network: A strong admin password should be set on the router and periodically changed along with a strong passphrase to encrypt the network.
Train employees on security: A written security polity should be in place to protect data, which everyone on the small business team must read and be sure to understand.
Secure calls with DECT compliant headsets
As small businesses establish procedures to protect confidential information, they should also consider protecting calls against eavesdropping. To this end, many headsets are based on the Digital Enhanced Cordless Telecommunications (DECT) standard. Originally used to connect cordless phones (handsets) to a base station, DECT nowadays also is used to establish a wireless communication link between a headset and desk phone, mobile phone or computer to make and receive calls.
Security is one of the strong points of DECT technology. It uses a layered system, which includes subscription, encryption and authentication to ensure a very high level of protection against eavesdropping. Certain industries, such as healthcare and finance, require DECT-based wireless communications for maximum security and confidentiality.
To learn about Plantronics DECT Security Certified Products, download Plantronics white paper.