According to a 2010 study performed by Symantec, out of 1,000 U.S. small business owners, the average annual cost of cyber-attacks on small and medium sized businesses was $188,242. Statistics also suggest roughly 60 percent of small businesses will close within six months of a cyber-attack. The stakes are high for individual businesses and the nation as a whole: a single malware attack or data breach can be fatal to a small business, but the collective vulnerability of all businesses is a major economic security challenge. So how do you protect your business from being victimized?
Our Expert’s Opinion
(Slaven Manning, MCSE)
Minimum Security Solution:
For the small business, there really is no acceptable “minimum IT security solution.” Anything less than recommended security is unacceptable.
Recommended Security Solution:
Recommended IT security for the Small Business includes all of the recommendations a typical home user should have with the additional requirement that all “shoulds” now become mandatory:
- Any wireless traffic must be encrypted with the highest encryption supported by the wireless router.
- All servers and workstations, and any tablets or other mobile devices capable, must run security software capable of providing both antivirus and anti-malware protection.
- All email other than web-based must be protected by an antivirus / anti-spam / anti-malware solution.
- There must be at least one individual responsible for monitoring all computers for available operating system and security updates and applying those updates when available.
- All users should be required to have an individual logon assigned to them and each logon should be required to have a complex password assigned to it.
- Each server or computer must be logged off or locked when a user is not present at the system.
In other words, the “small” in Small Business does not reduce the needs for IT security which would also apply to a “larger” business. The importance of data integrity and security does not differ depending upon the size of the organization which depends upon that data.