You needn't be big to face big threats to proprietary information - from without and within
It's no secret that small and mid-sized companies are just as vulnerable to losing vital business data as the big guys.
Despite that, they're less likely to do risk assessments and take preventive measures to protect themselves.
"It's difficult to get people to spend money on something that hasn't occurred or if they don't think they have a problem," says Frank E. Rudewicz, managing director for UHV Advisors in Hartford. "But they end up spending much more money reacting than [they would] if they had done a routine security audit."
"Smaller organizations often think, 'No one is going to attack us,'" says Jeffrey Ziplow, a partner at Blum Shapiro Consulting in West Hartford. "But the reality is the hacker doesn't know whether it's a small or large company. A lot of times they just scout around."
Moreover, smaller companies may not realize that the most damage is often done by employees.
The American Society for Industrial Security's (ASIS) 2006 Trends in Proprietary Loss Survey of Fortune 100 companies "showed the No. 1 threat was internal," Rudewicz says, and that risks have increased through "exploitation of trusted relationships, including vendor, customers, joint ventures and subcontractor/outsourced providers."
According to a 2005 survey by the Ponemon Institute, which tracks information and privacy management practices in business and government, 69 percent of data breaches were made by insiders - and 39 percent of data breaches had to do with confidential business information.
The institute's 2006 National Survey on Managing the Insider Threats concluded the three top threats to data integrity were "missed or failed security patches on critical applications, accidental or malicious insider use of sensitive or confidential data and virus, malware and spyware infections."
To view the entire release, click here