Cyber security is not a “once and done” proposition
Small businesses present a soft target because they tend to have basic security programs. The small business “security program” may consist of only a free anti-virus program and an outsourced IT company with little true cyber-security expertise. Others who have made a proactive effort to protect their business may still lack the expertise and investment necessary to fight the evolving threat. Cyber security is not a “once and done” proposition; rather, it is a war of attrition requiring a certain amount of daily awareness. Call your local police to report a burglary - they will come quickly, be well trained and prepared to investigate the crime. Call the same law enforcement for a cyber-crime and you will discover that they do not currently have the resources to immediately handle and investigate what would be considered smaller cyber-crimes.
Small businesses tend to have a higher likelihood that the same mobile device is being used for both personal and business needs. Companies with large IT departments have methods to segregate the business applications using encrypted containers on the employee’s smart phone or tablet. When someone mixes personal and business email, phone, texting, social media and collaboration apps, the digital surface where they can be researched is exponentially larger and more risky. When your personal and business persona is merged, it is easier for the malicious social engineer to develop a plausible phishing email to trick you into clicking the wrong thing.
|Cyber Security: Nature of the Threat (3 of 3)|
About the Author
Kevin Baker has been working in the information security field for eighteen years. His roles included a security engineer, risk manager, people leader and program builder. Kevin's security practice in financial services security and compliance has extended to both international and domestic markets. He is currently the Information Security Leader for Westfield Insurance.