BreachExchange mailing list archives
No, Your Small Business Is Not Safe From Cyber Attacks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 30 Oct 2013 01:43:15 -0000
http://www.huffingtonpost.com/mike-pugh/no-your-small-business-is_b_4164015.html Comedy legend Jerry Seinfeld has a clever bit on how little we worry about our safety when we're in a taxicab. "They've got that glass partition in front of you," Jerry says, "so it's like you're watching the whole thing happen on television." Jerry then points out that no matter how dangerously the cab driver weaves through traffic, we remain completely unworried. We just sit back calmly and think, "Wow, that looked dangerous. I don't think I'd try that in my car." How is this relevant to a discussion of Cyber Security? As small business owners and members of the general public, we tend to take in the ever-present news of the latest electronic security breach with the same level of detached fascination. JPMorgan Chase had its customer data stolen? Wow! That's going to require some PR damage control. Pentagon computers were breached? I thought that only happened in the movies. Twitter was hacked by the Syrian Army? Amazing! What's left unsaid throughout all of these attacks -- but what many of us are probably thinking -- is that they make logical sense because the targets are large, public and offer something valuable to the attackers: national-security information, vast sums of money, etc. But, we reason, our small business isn't under the same constant threat. After all, we're just a small provider of fill-in-the-blank. No one would even bother trying to hack our systems, right? Wrong. Smaller targets can mean big rewards for cyber criminals Small and medium-sized businesses are equally susceptible to attacks from hackers as are large entities and even government agencies. According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year. Even more frightening: According to an August 2013 story in PCWorld, of those small businesses whose systems are breached, roughly 60 percent go out of business within six months after the attack. Why do hackers, data thieves and other cyber criminals target small businesses? Several reasons. First, gaining illegal access to a smaller firm's data can help a cyber criminal later hack into a larger entity -- because these smaller companies often do business with large firms and have passwords and other electronic access to their systems. Why try to break into the big bank directly, when you can just sneak into a tiny company that does business with that bank, and steal its access? Another reason hackers target the computer networks of smaller firms is that they assume -- often correctly -- that these small businesses have less sophisticated cyber security in place and do not enforce the same level of data-protection protocols as their larger-firm counterparts. According to a 2013 Internal Threat Report from data security provider Symantec, 31 percent of targeted cyber attacks in 2012 were leveled against businesses with fewer than 250 employees. The report further points out that this represents a massive jump from 18 percent in the previous year. Cyber criminals are targeting small businesses in increasing numbers. And yet Symantec has also found that an incredible two-thirds of small and medium-sized businesses do not worry about cyber attacks. Perhaps hackers are reading these reports as well. Smart phones: the walking security threat Contrary to a common misconception, cyber attackers don't limit their targets only to the web or to businesses' data servers. Clever hackers have found they can also steal sensitive electronic information by targeting mobile devices, often through hacking voicemail. As eVoice's 2013 "Device Vice" Survey Data finds, our mobile phones play an increasingly prominent and essential role in our business lives, making them a juicy target for cyber threats. Consider: • 36 percent of small business professionals use three or more mobile devices to run their business. Each of those is a point of risk, not only for loss or theft, but now also for attack. • 32 percent give their mobile number out to customers, 19 percent give it out to partners or investors, and 18 percent give it to vendors. That means your contact list, call log, and voicemail contain valuable information about your business. • 35 percent of small business professionals text every day for business. No longer just for chit chat with friends, your text messages now expose business information, too. So how can you protect your business's mission-critical mobile information from cyber attacks? Here are a few simple, yet effective suggestions. Mobile data security tips from eVoice 1. Password Protect your Devices Out of convenience, many people do not use the password feature on their phones and tablets, the thought being "Who wants to type in a password every time their phone buzzes?" Mistake! Keeping someone from ever activating your device is your first line of defense. 2. The Bigger the Better A six-digit PIN is better than a four-digit PIN. It's also important never to use a device, email, or voicemail password that is the same as your banking PIN. 3. Change Your Pin for Extra Security Never use the default PIN provided to you by your service provider. Small business owners should change their PIN right away. In addition, create a new PIN every few months for an added layer of security. 4. Leverage the Cloud Even if your mobile phone is your only phone, you can separate your business use from your personal use, virtually. Services like eVoice give you a separate business phone number that routes calls anywhere. Someone stole your iPhone? Re-route your business calls to another phone so you--not the thief--gets the call or voicemail.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- No, Your Small Business Is Not Safe From Cyber Attacks Audrey McNeil (Oct 30)