When we do network security consulting for large corporations, we're often hired as a result of a malicious network intrusion- and these days, it's common for the attacks to originate overseas from countries including Russia, China, and North Korea.
Typically, these attacks are intended to mine a company's customer data with the ultimate goal of obtaining information for credit card and identity theft.
Because of the catastrophic consequences of such an occurrence, most large company CIOs and CTOs that we speak with are well aware of this phenomenon and have developed corporate security strategies for dealing with it.
Smaller businesses, however, all too often believe that they can fly below the radar of this type of international corporate warfare.
The truth is, we see even small business networks getting hacked from overseas on a daily basis. These intruders don't care how big a business is or what type of industry it's in. All these hackers are looking for is an easy target- and with most of the larger businesses hardened against these kinds of attacks, smaller businesses are naturally next in line for exploitation.
Fortunately, it's not difficult or costly to secure your business from these types of security threats. The first- and most important- step is to recognize the scale of the potential problem and decide to act to address it.
Just like with getting in shape, the hardest part is putting your shoes on.
Correlate these findings with your company's core business requirements, augment your thinking and experience with third-party consultants if necessary, and then present your strategy to the CEO/board.
If you're responsible for IT at a smaller organization, it's critical that you answer this question: Am I completely confident that none of my customers' information is vulnerable in any way to unauthorized access- malicious or otherwise?
If the answer is no- and let's be honest, for most small businesses that's the truth- then you need to do exactly what the big companies do: create and implement a data security and privacy strategy.
If you have an IT staff or use a consultant for support, you should task them with explaining to you how secure your environment is- and challenge them with getting your business to the point where you can answer "yes" to the big question above.
And if there's anything we can do to help you get to "yes", we'll be here too.
Having confidence in your company's ability to fully protect your customers' data is paramount to you being able to succeed as a business. Fortunately, it's easy to take the hardest step toward getting there by recognizing the danger and deciding to act.