If the Equifax data breach has taught you nothing else, it should be that any company can be subject to a security compromise if they are not careful. According to news reports, Equifax was breached through a vulnerability that was disclosed and a patch made available 2 months prior to when their system was infiltrated. Given the extremely sensitive nature of the data that Equifax keeps on hundreds of millions of people, waiting at least two months to implement a patch on a vulnerability that serious can only be considered irresponsible at best. However, the relatively simple mistake that Equifax made (not paying attention to the disclosure of a security flaw) is something that many thousands of businesses repeat every single day. It is often only a matter of time before a security vulnerability is exploited for many businesses who do not do their due diligence when it comes to security.
To be sure, most small businesses have much simpler networks and technology systems than a large corporation like Equifax. However, this is no excuse to be lax on security. Many small businesses, especially any in the medical or financial fields, have a lot of information that can be extremely valuable to identity thieves. In addition, any company that works with businesses in the medical or financial industries, as well as those who service governmental agencies, are also vulnerable as their business could be used as a staging point to breach other businesses. Suffering a serious data breach can be fatal for many small businesses so it is certainly worth the effort to make sure that a business has adequate security in place to protect their valuable data, including customer information.
The problem is that most small business owners are not technology experts. How can someone who is very busy running their business and servicing their clients be expected to learn and implement relatively complicated technology security practices? Generally they must rely on either their technology staff or their outsourced technology service providers to do so. Even then, as the Equifax incident has shown, it is possible for technology professionals to fail in their tasks. So what is a small business owner to do? The answer is to have a second opinion on their technology security – i.e. a Security Check-Up.
If you currently have technology staff or an outsourced technology provider, it is in your best interest to review their technology procedures and then have another technology provider perform a security audit to ensure that adequate security precautions are in place. If you are like many small businesses who do not have any professional technology help, then hire a trustworthy technology professional to perform a Security Check-Up as soon as you can!
If you need help with evaluating the security precautions of your business, please feel free to contact me right away. I am currently lining up clients to perform Security Check-Ups for the last quarter of the year so make sure you are protected before a security breach impacts your business.