Help, My data is being attacked, what are they after?

Its not personal-its just businessAs a small and medium business and not for profit organisation why is my business data being attacked and what are the attackers after.   This question has many answers, it could be kids who want to see if they can access your data just for the sheer hell of it or it could be something a lot more sinister.   If an attacker gains access to your data and information then you could be in for a very hard time.

SME’s are easier targets for criminals, they lack the internal training and knowledge required to protect their sensitive data.   They have limited access to high end and costly security features and resources.   Most of the time, SME’s do not realise how vulnerable they are to both internal and external attacks.   When an SME is attacked or compromised, the repercussions and effects of that compromise are all mechanisms of having a decent security strategy.   The resilience of the business will ensure that if something does happen that the business is in a better position than previously thought.

What can be damaged?    In the event that your business is attacked there are 6 things that will create havoc if the attacker gains access to your data and information:

One of the most devastating repercussions of an internal or external attack is the Destruction and loss of Intellectual property or Trade Secrets.   Most SME’s have significant money and intellect tied up in what they do and how they do it.   This information is critical to the viability of the business.    If your competition had access to this information then your business could take a significant financial hit?

Another area of damage that an internal and external attacker can visit on your business is Vandalism.   This sounds pretty strange but one of the most psychologically damaging things that can happen to a business, the owners or management and also the staff is to have their web site changed, or even worse changed in such a way that it is infected with malware so all of their visitors become infected.    There is nothing worse than going to your web site and finding that the content has been changed.   It may be just a prank but the repercussions can be pretty overwhelming.

An internal or external attacker can do a great deal of damage to a business’s reputation.   This can be achieved in a number of ways.   The most prevalent is the fact that you have been compromised and you don’t inform your clients, or you have been compromised and the internet finds out about it.   What happens if an attacker gains access to your client file list and sends each of your clients an invoice.    In another situation is if your internal memos, where a comment about a client can be taken out of context or misconstrued were released to the outside world.   That would have a significant impact on your reputation, Think WikiLeaks.

Internal or external attackers can use information that they have gained for fraud and theft.    They can sell or give away the information on the internet to the highest bidder through notice boards and chat rooms and depending on the information – credit card details – they can gain access to your client’s money and steal it.

A security breach doesn’t always include the loss of information, if your data becomes unavailable through an internal or external attack then you will have the additional problem of Lost Revenue.   If the information and data for your business is off line due to an attack then your business will start to loose income.   Depending on the length of time that your data is unavailable will have a significant impact on your business.

All of the information that you have on your business system is your responsibility to protect.   If you fail to protect that information then you may be legally liable to your clients in regards to breaching their privacy and personal information.   This liability can take on many forms and could include compensating your clients for the loss of their personal information.

The responsibility to protect your business data and information falls squarely on the shoulders of management and owners when it comes to protecting the business.   Implementation
of a security strategy will allow the business to be in a better situation to protect the business, react if the business is attacked or recover when something does happen.

Posted in IT Security and tagged , , , , , , .