BreachExchange mailing list archives

Cyber security growing problem for small business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 31 Jul 2014 18:50:13 -0600

http://www.azcentral.com/story/money/business/abg/2014/07/27/cyber-security-growing-problem-small-business/13242313/

It's called cyber security, Internet security, data theft or a variety of
other names.

But whatever you call it, the problem is growing for small businesses of
all kinds. From T-shirt makers, medical offices and wine shops, to sporting
goods stores, dog kennels and non-profits, small businesses are falling
victim to data theft and other types of "cybercrimes" at a high rate.

Some experts are even calling it an epidemic, with small merchants as the
easiest targets.

Business owners tend to think of computer or data security as a problem
that mostly involves hackers who indiscriminately target different
businesses. But that's only one part of it. Disgruntled vendors have been
known to steal data in order to hurt a business that dumped them.
Ex-employees sometimes steal data to turn a profit, and of course thieves
sometimes make off with desktop computers, laptops and mobile devices.

According to the National Small Business Association, 44 percent of small
businesses say they've been victimized by a cybercrime of some kind at
least once. And the cost of those crimes averaged nearly $9,000 each to
rectify. Part of the cost is notifying customers of a data theft that might
compromise their personal credit or other information. Nearly every state
now requires businesses to tell customers if personal data has been lost or
stolen.

But that cost can pale in comparison to the other damage a data breach can
inflict. When a small business has been hit, customers can stop shopping
there, or post bad reviews on social media. Your reputation can take a big
hit.

One problem is that some business owners or employees use company computers
to access sites and networks that can secretly infect the computers with
viruses and malware. Other businesses simply don't keep anti-virus software
current because it's too much trouble.

Here are seven of the most important things you can do to prevent problems:

1. Keep clean machines: Your computers should be equipped with the latest
security software, web browsers and operating systems. This simple step is
the best defense against viruses, malware and other online threats that are
constantly changing. Install key software updates as soon as they are
available and set antivirus software to run a scan after each update.

2. Secure your Wi-Fi networks: If you have a Wi-Fi network for your
workplace, make sure it is secure, encrypted and hidden. To hide your Wi-Fi
network, set up your wireless access point or router so it does not
broadcast the network name, known as the Service Set Identifier (SSID).
Password protect access to the router.

3. Provide firewall security for your Internet connection: A firewall is a
set of related programs that prevent outsiders from accessing data on a
private network. Make sure your operating system's firewall is enabled or
install free firewall software available online. If employees work from
home, ensure that their home systems are protected by a firewall as well.

4. Control physical access to your computers and create user accounts for
each person: Prevent access or use of business computers by unauthorized
individuals. Laptops can be particularly easy targets for theft or can be
lost, so lock them up when unattended. Make sure a separate user account is
created for each employee. Administrative privileges should only be given
to trusted IT staff and key personnel.

5. Protect payment card systems and information: Work with banks or card
processors to ensure the most trusted and validated tools and anti-fraud
services are being used. You may have certain security obligations under
agreements with your bank or processor, so make sure you know your
liabilities. Isolate payment systems from other, less secure programs and
don't use the same computer to process payments and surf the Internet.

6. Limit authority to install software and access information: Don't
provide any single employee with access to all data systems. Employees
should only be given access to the specific data systems that they need for
their jobs, and should not be able to install software without permission.

7. Get tough on passwords: Require employees to use strong passwords and
change them every three to six months. Consider implementing multifactor
authentication that requires additional information beyond a password to
gain entry.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
