Johannesburg - Small marketing agencies must understand that when they gain access to the intellectual property (IP) of a large company, they can be targeted by cybercriminals as a perceived “weak-link” in the security of that IP, warned Riaan Badenhorst, managing director of Kaspersky Lab, Africa.
Large companies are more likely to go to great lengths to secure the data within the confines of their organisation, but the same stringent standards aren’t often held by the third-party vendors they hire.
A 2012 Poneman Institute study showed that third-party vendors accounted for 19% of data breaches that year.
Clearly, cybercriminals see the value in targeting external agencies that have access to valuable client data, said Badenhorst.
Winning business and trust of large businesses
When a small consultancy lands a big client, the thrill of delivering a winning pitch quickly gives way to the challenges of delivering on promises.
Suddenly, these small agencies are given virtual “keys” to some of their new client’s most important business information – product road-maps, competitive positioning, sales strategies, and in-depth plans for their client’s forthcoming big product.
In doing so, the client places their trust in the SME's ability to maintain the secrecy of their intellectual property.
"Imagine having to explain to your new client that a malware infection has put this information at risk, and may have been stolen by cybercriminals," said Badenhorst.
"One security incident could be enough to sour the new relationship and put the future of the agency at risk."
What makes a small marketing agency vulnerable?
The 2013 Verizon Data Breach Investigations Report found that 20% of all network intrusions occurred at information and professional services firms.
"We can speculate that unfortunately, some of the characteristics of upstart marketing and communication service providers can make them attractive targets to cybercriminals," said Badenhorst.
"For businesses where collaboration and creativity is king, there can be security holes that need to be addressed."
Highly mobile, highly connected
Any communications professional that serves a client understands the importance of being accessible at all times.
The North American NSBA 2013 Small Business Technology Survey found that not only has laptop, tablet and smartphone usage skyrocketed in recent years, but that 60% of small businesses allow employees to telecommute.
"That adds up to a lot of sensitive data leaving the office on mobile devices that most often lack security software, and are more likely to be stolen or lost," said Badenhorst.
What to do?
Ensure that all mobile devices, including any employee-owned devices that could be used to access company data, are equipped with security software that not only protects from malware, but helps find missing devices and erases data from stolen devices.
High social media usage
Small businesses in general have adopted social media at a fast pace.
According to the NSBA, just 27% of small businesses have no social media presence, down from 53% just three years ago.
But social media is a huge vector for cyber attacks, including targeted phishing schemes using malicious links or malware-laced applications. Even with savvy-employees, it only takes one wrong click to open the door to data-stealing malware.
What to do
To help employees avoid malicious websites or content that appears to be legitimate, use security software that monitors the reputation of hyperlinks and websites, and will alert users to any potential scams.
Loose IT discipline
A seasoned marketing professional opening a new consultancy knows plenty about marketing strategy, but probably knows little about maintaining a secure IT network.
However, according to the NSBA, 40% of small business owners manage their own IT and tech support.
While owners are focusing on winning clients and hiring new employees, there’s little thought given to IT security concerns.
What to do
Find a security solution that provides protection without complex installation and maintenance, according to Badenhorst.
"The best protection against the theft of sensitive information is data encryption," he said.
"While it may sound intimidating, encryption isn’t a complex tool reserved only for big businesses."
Large companies are more likely to go to great lengths to secure the data within the confines of their organisation, but the same stringent standards aren’t often held by the third-party vendors they hire.
A 2012 Poneman Institute study showed that third-party vendors accounted for 19% of data breaches that year.
Clearly, cybercriminals see the value in targeting external agencies that have access to valuable client data, said Badenhorst.
Winning business and trust of large businesses
When a small consultancy lands a big client, the thrill of delivering a winning pitch quickly gives way to the challenges of delivering on promises.
Suddenly, these small agencies are given virtual “keys” to some of their new client’s most important business information – product road-maps, competitive positioning, sales strategies, and in-depth plans for their client’s forthcoming big product.
In doing so, the client places their trust in the SME's ability to maintain the secrecy of their intellectual property.
"Imagine having to explain to your new client that a malware infection has put this information at risk, and may have been stolen by cybercriminals," said Badenhorst.
"One security incident could be enough to sour the new relationship and put the future of the agency at risk."
What makes a small marketing agency vulnerable?
The 2013 Verizon Data Breach Investigations Report found that 20% of all network intrusions occurred at information and professional services firms.
"We can speculate that unfortunately, some of the characteristics of upstart marketing and communication service providers can make them attractive targets to cybercriminals," said Badenhorst.
"For businesses where collaboration and creativity is king, there can be security holes that need to be addressed."
Highly mobile, highly connected
Any communications professional that serves a client understands the importance of being accessible at all times.
The North American NSBA 2013 Small Business Technology Survey found that not only has laptop, tablet and smartphone usage skyrocketed in recent years, but that 60% of small businesses allow employees to telecommute.
"That adds up to a lot of sensitive data leaving the office on mobile devices that most often lack security software, and are more likely to be stolen or lost," said Badenhorst.
What to do?
Ensure that all mobile devices, including any employee-owned devices that could be used to access company data, are equipped with security software that not only protects from malware, but helps find missing devices and erases data from stolen devices.
High social media usage
Small businesses in general have adopted social media at a fast pace.
According to the NSBA, just 27% of small businesses have no social media presence, down from 53% just three years ago.
But social media is a huge vector for cyber attacks, including targeted phishing schemes using malicious links or malware-laced applications. Even with savvy-employees, it only takes one wrong click to open the door to data-stealing malware.
What to do
To help employees avoid malicious websites or content that appears to be legitimate, use security software that monitors the reputation of hyperlinks and websites, and will alert users to any potential scams.
Loose IT discipline
A seasoned marketing professional opening a new consultancy knows plenty about marketing strategy, but probably knows little about maintaining a secure IT network.
However, according to the NSBA, 40% of small business owners manage their own IT and tech support.
While owners are focusing on winning clients and hiring new employees, there’s little thought given to IT security concerns.
What to do
Find a security solution that provides protection without complex installation and maintenance, according to Badenhorst.
"The best protection against the theft of sensitive information is data encryption," he said.
"While it may sound intimidating, encryption isn’t a complex tool reserved only for big businesses."