Comedy legend Jerry Seinfeld has a clever bit on how little we worry about our safety when we're in a taxicab. "They've got that glass partition in front of you," Jerry says, "so it's like you're watching the whole thing happen on television." Jerry then points out that no matter how dangerously the cab driver weaves through traffic, we remain completely unworried. We just sit back calmly and think, "Wow, that looked dangerous. I don't think I'd try that in my car."
How is this relevant to a discussion of Cyber Security? As small business owners and members of the general public, we tend to take in the ever-present news of the latest electronic security breach with the same level of detached fascination. JPMorgan Chase had its customer data stolen? Wow! That's going to require some PR damage control. Pentagon computers were breached? I thought that only happened in the movies. Twitter was hacked by the Syrian Army? Amazing!
What's left unsaid throughout all of these attacks -- but what many of us are probably thinking -- is that they make logical sense because the targets are large, public and offer something valuable to the attackers: national-security information, vast sums of money, etc. But, we reason, our small business isn't under the same constant threat. After all, we're just a small provider of fill-in-the-blank. No one would even bother trying to hack our systems, right?
Smaller targets can mean big rewards for cyber criminals
Small and medium-sized businesses are equally susceptible to attacks from hackers as are large entities and even government agencies. According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year. Even more frightening: According to an August 2013 story in PCWorld, of those small businesses whose systems are breached, roughly 60 percent go out of business within six months after the attack.
Why do hackers, data thieves and other cyber criminals target small businesses? Several reasons. First, gaining illegal access to a smaller firm's data can help a cyber criminal later hack into a larger entity -- because these smaller companies often do business with large firms and have passwords and other electronic access to their systems. Why try to break into the big bank directly, when you can just sneak into a tiny company that does business with that bank, and steal its access?
Another reason hackers target the computer networks of smaller firms is that they assume -- often correctly -- that these small businesses have less sophisticated cyber security in place and do not enforce the same level of data-protection protocols as their larger-firm counterparts. According to a 2013 Internal Threat Report from data security provider Symantec, 31 percent of targeted cyber attacks in 2012 were leveled against businesses with fewer than 250 employees. The report further points out that this represents a massive jump from 18 percent in the previous year. Cyber criminals are targeting small businesses in increasing numbers. And yet Symantec has also found that an incredible two-thirds of small and medium-sized businesses do not worry about cyber attacks. Perhaps hackers are reading these reports as well.
Smart phones: the walking security threat
Contrary to a common misconception, cyber attackers don't limit their targets only to the web or to businesses' data servers. Clever hackers have found they can also steal sensitive electronic information by targeting mobile devices, often through hacking voicemail. As eVoice's 2013 "Device Vice" Survey Data finds, our mobile phones play an increasingly prominent and essential role in our business lives, making them a juicy target for cyber threats. Consider:
• 36 percent of small business professionals use three or more mobile devices to run their business. Each of those is a point of risk, not only for loss or theft, but now also for attack.
• 32 percent give their mobile number out to customers, 19 percent give it out to partners or investors, and 18 percent give it to vendors. That means your contact list, call log, and voicemail contain valuable information about your business.
• 35 percent of small business professionals text every day for business. No longer just for chit chat with friends, your text messages now expose business information, too.
So how can you protect your business's mission-critical mobile information from cyber attacks? Here are a few simple, yet effective suggestions.
Mobile data security tips from eVoice
1. Password Protect your Devices
Out of convenience, many people do not use the password feature on their phones and tablets, the thought being "Who wants to type in a password every time their phone buzzes?" Mistake! Keeping someone from ever activating your device is your first line of defense.
2. The Bigger the Better
A six-digit PIN is better than a four-digit PIN. It's also important never to use a device, email, or voicemail password that is the same as your banking PIN.
3. Change Your Pin for Extra Security
Never use the default PIN provided to you by your service provider. Small business owners should change their PIN right away. In addition, create a new PIN every few months for an added layer of security.
4. Leverage the Cloud
Even if your mobile phone is your only phone, you can separate your business use from your personal use, virtually. Services like eVoice give you a separate business phone number that routes calls anywhere. Someone stole your iPhone? Re-route your business calls to another phone so you--not the thief--gets the call or voicemail.
Mike Pugh is vice president of marketing at j2 Global Inc., a Los Angeles-based provider of cloud-based communications services including eFax® and eVoice®. He can be reached at firstname.lastname@example.org.