No Business Is Too Small For IT Security

No Business Is Too Small For IT Security

This is excerpted from an article written by David F. Carr for Forbes magazine.

Not long ago, I was helping a small business set up a new e-mail system when the owner’s assistant told me to set her password to the firm’s phone number–the same number posted on the firm’s website. She explained that was the standard password she was using for lots of different applications and online services, and that it was OK. After all, who was going to pick on her?

Lots of small businesses have that same casual attitude toward information security, thinking they’re too small to be targets. Wrong.

For one thing, criminal hackers and mischief makers routinely run automated scans on everything connected to the Internet–every router, every website–looking for vulnerabilities. It’s like walking down the street jiggling the door handles on every car to see who left the door open, whether it’s a shiny Mercedes or a rusty old Chevy.

Breaking into your small-business e-mail accounts might not be as big a win as hacking into a bank. But what if there are messages in your inbox that contain account signup notices for various online services? Pretty soon, an attacker can be resetting your passwords and extracting confidential data.

“Most small businesses are using computers to run their business, but they’re not protecting themselves because they think they’re small potatoes, and nobody would be after them,” says Richard L. Kissel, an information technology specialist at the National Institute of Standards and Technology. NIST partners with the Federal Bureau of Investigation and Small Business Administration. NIST gives this as a SCORE seminar for the San Diego chapter.

Kissel has given a series of seminars on the topic of a small business outreach program. NIST published his paper “Small Business Information Security: The Fundamentals.”

Leave a Comment

Name *