NEW YORK (TheStreet) -- The data breach last week at email service provider Epsilon affecting large firms including Verizon (VZ), Capital One (COF), Best Buy (BBY), Citigroup (C), and Target (TGT) should have small-business owners reassessing their own strategies to keep customer information, employee records and other confidential information safe.
TheStreet interviewed Sarah Fender, vice president of marketing and product management at PhoneFactor, the Overland Park, Kan., company providing phone-based authentication solutions to small and large companies. Additional comments came via email from PhoneFactor co-founder and Chief Technology Officer Steve Dispensa.
What are some common misconceptions small firms have when it comes to IT security?
Workers checking email and logging onto networks remotely can spread viruses. PhoneFactor is among companies providing security such as phone-based identification systems to limit data breaches.
The first one relates to antivirus and anti-malware software. Antivirus software generally only catches 60% of the current viruses that are out there, so that's 40% of the brand-new viruses [that the software] isn't even looking for. No one is going to recommend that you don't use antivirus software; we just want people to be aware it's not enough as kind of a standalone. If that's the only thing you're doing to protect your business, then you're probably not doing enough.
Another common misconception, particularly among small businesses, is that passwords keep the bad guys out. This may be true for workers logging into their PC at the office, where physical security helps ensure that the legitimate user is logging in. A co-worker would likely notice a stranger sitting in the cubicle next to them. Increasingly, we're all working remotely. We're checking email from our smartphone. We've got Apple (AAPL) iPads. We've got all kinds of ways to log into email or networks when we're not in the office. In those scenarios, passwords are not enough.
How can small firms implement a strong data loss prevention security strategy? What is most important in doing that?
The basics are important -- keeping servers and user computers patched, with current anti-malware software and an active firewall. [Small businesses should] do some basic
even with a small team helping them to understand social engineering and how to handle confidential information and have more awareness to identify those types of threats.
Safeguarding means more than data leakage prevention; it also means having good backups of email and other data, including regular restore testing. Outsourcing email services to a third party can be a good move for small firms, but be careful to take into consideration the kind of security that your email provider is able to provide for you, and go with a reputable firm.