Security breaches can cost your business millions

Security Breaches cost $600 Million

Many Australian businesses are still open to security threats such as viruses, spam, identity theft, trojans or spyware.

In 2007, the cost of security incidents for Australian businesses was $600 million. The most common breach, affecting 64% of businesses, was viruses and malicious attacks. Note that most of the companies affected had anti-virus software and firewalls installed to keep out intruders, yet were impacted anyway. The report is consistent with a more recent 2008 study from the Australian Bureau of Statistics that showed the impact of security breaches as:

  1. Unavailability of services (60%)
  2. Corruption of hardware or software (48%)
  3. Loss of Staff Productivity (44%)
  4. Corruption or loss of data (32%)

The survey also pointed out that only a small number of Australian businesses use data encryption (5% to 15% of SMEs) as a way of protecting their data, compared to the USA (60%). The estimated financial loss for a medium-sized business ranged from $3,000 to $500K per incident, with some having more than 5 incidents per year.

The biggest issues according to the Aussie survey are:

  • Viruses
  • Malicious Attacks
  • Spyware
  • Theft (hardware and identity)

What does this mean for small and medium businesses today?

Businesses need policies and standards in place on who to trust in e-mail, and on the use of memory sticks and other portable devices that could introduce problems into the network. Recently, we had a client who added a “free anti-spyware” package based on an offer from a website. The “free anti-spyware” was actually a virus posing as a Microsoft package. This type of virus needs to be prevented with standards in place for your users.

We came across some interesting scenarios where computers have been compromised and used for things other than business (like gambling, porn, etc.). These compromises originate either internally or externally. Another common problem we’ve seen is exposing all customer database information to the internet for anyone to access. This means all your customer records are easily hacked and exposed.

Security has many levels, and many businesses think they are protected but have not tested their security for years. Security areas to think about include:

  • Entire Network
  • Servers
  • Individual PCs – in office, travelling and home access.
  • Mobile Devices – Laptops and Smartphones
  • People – Passwords, Memory Device usage

With so many avenues of access available, it is sometimes difficult to know if the software you are using or the policies you have in place are doing the job. The best way to check is to conduct a Security Audit of your premises. Have your security processes, policies and software been regularly checked? Are they up to date? Check the integrity of your network and security systems by performing an audit which includes, at a minimum:

  1. Penetration Test – test if intruders can easily enter your network.
  2. Infrastructure Audit – check Antivirus software system, Anti-spam, security of server location and network design. Are they up to date and are they the best protection for your environment?
  3. Check policies and adherence for media back-up, passwords, removable storage devices (USB keys) and business continuity.

Do not be fooled into thinking that achieving the above is easy. If you have experts on-site, you can likely do it yourself; however, it is good policy to have an external source complete your audit. The fee for an audit depends on the size of your network; however, for most small offices it is $300 to $500. This is a small price to pay for peace of mind.

There are a number of free resources to read about how to improve security in your workplace. One of the best is Stay Smart Online.

Start an IT security audit on your business with our free IT Audit Checklist.

We can help you find the right type of security solutions to meet your business needs. Give us a call today.