When it comes to avoiding costly security breaches, a little computer security training can go a long way. And now, small businesses can help their employees rise to the challenge and effectively ward off cyber-attackers with a free security awareness program called Think Security First.
Why should you take steps to improve small business data security?
After a string of large-scale security breaches, like those that affected Home Depot and Target, it may seem that cyber attackers have eyes only for the big prize. However, small businesses are just as vulnerable—if not more so—according to Neal O'Farrell, founder of the Center for Information Security Awareness and currently the head of the non-profit, Identity Theft Council.
Data Breaches: Small Business, Big Target
Like bank robbers, hackers go where the money is. While the amount of information contained in their databases and business applications may pale in comparison to large enterprises, most small companies nonetheless sit on a valuable trove of financial statements, employee records, and customer data.
"It's all about economics to them, too, and small businesses are great economics," said O'Farrell about what motivates today's hackers. Worse, knowing that they're unlikely to encounter enterprise-grade threat detection and other network defenses, they'll bombard small businesses with phishing attempts and malware-infested spam. Moreover, they're not picky.
"Any old malware will do," O'Farrell told Small Business Computing. Betting that the corner boutique or local clinic is more focused on their business than they are on the latest online threats and operating system patches, it's common for hackers to take a "low-grade, shotgun approach," which maximizes the chance that an unsuspecting worker will open an infected attachment or click on an unsafe URL.
Due to their distributed nature, the sheer scale of some scams can rival the headline-grabbing security lapses of recent years. "Add them all up, and they're big data breaches," O'Farrell. Worse, with "no systems in place to check that they're breached," many small businesses often leak data with no one the wiser, save for the hackers.
Anti-malware and anti-spam software help, but given how quickly the data security landscape evolves, employees remain the first and best line of defense. Yet, training them can prove costly or outright prohibitive for small businesses.
O'Farrell's free security awareness and education program—Think Security First—is here to help.
Free Security Training Removes Small Business Budget Concerns
Frustrated by how workers consistently fall prey to malicious downloads and phishing attacks, and faced with the reality that most small businesses don't invest in data security training for their workers, O'Farrell got the idea of giving away the Think Security First program for free, effectively "taking budget out of the equation."
Designed for non-technical people, the course includes 14 interactive online lessons, each with a quiz. Upon passing the final exam, participants receive a certification as proof of completion and compliance.
Every bite-sized lesson consists of an entertaining video, each short enough (3-5 minutes long, on average) to view during a snack break. Combined with the zero cost of entry, "we're removing all the reasons people don't want to do training," said O'Farrell. "It's as easy as it gets."
Topics include password safety, mobile security, privacy and phishing, among others factors involved in handling business and customer data responsibly. The phishing module, for example, targets "click-happy employees," prompting them to think before they click on seemingly harmless links.
O'Farrell calls phishing "one of the most devastating attacks out there affecting all types of organizations" If employees simply pause to think before clicking or tapping on email links, they can spare themselves—and their businesses – a world of hurt.
O'Farrell suggests small business owners mandate that all their employees take the course and refresh their security knowledge once a quarter. In addition, "every new hire should go through it" during the onboarding process to set data-security expectations from the get-go.
Ultimately, it's time for small businesses to take data security seriously. "Basic security is no longer optional," said O'Farrell.
Going further, if companies can't commit to re-training their employees on a monthly basis, "they shouldn't be allowed to take credit cards," he said. "We are way past cajoling and begging."
Pedro Hernandez is a contributing editor at Small Business Computing. Follow him on Twitter @ecoINSITE.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|