When there is talk about IT security and data breaches, people imagine shady criminals in a darkened room, in some far away land, working to infiltrate governments or large corporations. There is also a common misconception that the only targets for hackers and thieves are large businesses. Why would anyone bother with the local landscaper or pizza shop?
Well, because unlike the large corporations, which have huge corporate security budgets, small businesses are notorious for skimping on or completely ignoring IT security. Therefore, they are easy prey to anyone with ill intent.
Here are three common mistakes I’ve seen over the years that can be catastrophic to a small business:
1 – Unsecured Wireless Networks
This is probably the most common issue I see. Most new routers come with a pre-configured security key, which provides a certain level of security, but many business are still running wireless routers that are over five years old. Those routers are the ones that had the default Wireless Name (SSID) of ‘dlink’ or ‘linksys’, to cite a couple. Customers would buy those routers, plug them in, and immediately have wireless internet! Except that everyone else around them would too…
Usually, these routers aren’t isolated from the main network at all. An attacker can connect to the unsecured network and immediately have access to network resources… like shared folders, or even a complete customer database, in addition to the company’s Quickbooks files.
That’s an actual situation I came across, by the way. The client had no idea how close they were to suffering a catastrophic data breach, since I could read and write the files. Oops.
2 – No malware protection or inadequate protection
The second most common issue are clients that *still* don’t use proper malware protection. That includes anti-spyware and anti-virus software. Many feel protected with using just Windows Defender or Microsoft Security Essentials in a business environment. AVG Free is still frequently used, even though the protection offered is mediocre at best.
The reality is that you have to invest in a proper security software. Kaspersky and Panda are great options, and even though many clients are wary of Symantec products, they’re excellent options as well.
New malware is being created at an alarming rate, with exponential growth in the last five years. I remember a client last year that lost over $20,000 in sales over the course of the three days I had to keep his office shut down to clean the computers and perform Windows reinstalls. Buying a good security software is much cheaper than that.
3 – Using pirated software
This, thankfully, isn’t as common nowadays as it was in the past, but still happens often enough that it’s worth mentioning.
Business will decide they must buy an expensive piece of software. Say, Adobe Creative Suite or AutoCAD. They’ll go online, see the cost, and balk at the purchase. Someone will mention “why don’t you just torrent it? That way it’s free!”
That not only is a serious legal issue, should the publisher of the software decide to audit your business, but it’s also a massive security problem.
Usually, software acquired through illegal means will come with patched application files or key generators, enabling users to install and run the software without a valid licence. Unfortunately for the unsuspecting user, these key generators and patched files are usually infected with some sort of malware. This enables the creator to control the machine remotely or steal information stored on it.
Think about it this way: imagine you wanted to buy a $4000 gizmo. You then go to the nearest street corner and there’s a shady looking fellow that’s willing to give you that gizmo for free. Would you take it? I doubt many people would.
4 – Thinking you’re safe because you have a Mac
It’s also worth mentioning that Apple computers are not immune to malware, contrary to general perception. A few years ago, a malware popped up that infected Apple computers through pirated copies of Photoshop and iWork ’09. This malware enabled malicious users to take control of the computer and steal data from it. Not to mention a Trojan that infected over half a million Macs back in 2012.
Therefore, if you have an Apple computer, make sure to take the same precautions as you would on a Windows machine, such as installing adequate malware protection software!
Valter Cid
Cat Digital Solutions