We recently saw some government statistics which unfortunately underline that information security is becoming more and more of a challenge for small businesses. According to the 2013 Information Security Breaches Survey, 87% of small businesses experienced a security breach in the last year, up from 76% in the year before.
The most worrying trend of all is that small businesses are now a target for criminals: 63% of small businesses were attacked by an unauthorised outsider in the last year; 23% were hit by ‘denial of service’ attacks and 15% detected that outsiders had successfully penetrated their network. So what causes information security breakdowns and how can they be avoided? We think it comes down to five crucial failures:
Process failures – Companies need to put processes in place that protect their information assets. For example, are policies in place around home and mobile working and removable media such as DVDs and USB sticks? Are processes in place to detect and promptly respond to security breaches? Does a process ensure that default passwords are always changed? What is the process to manage user restrictions? Do processes exist to assess how people and technology are performing, and whether the corrective actions you take are effective?