Albert Einstein once observed: “Technological progress is like an axe in the hands of a pathological criminal.”
Granted, Einstein was speaking of the threat unleashed by the atomic bomb, but his words were eerily prophetic. The recent spree of data breaches in the retail sector makes a slight paraphrase even more apt for today’s hackers: “Technology is the axe in the hands of a pathological criminal.”
Recently Target and Neiman Marcus were victims of a point-of-sale (POS) malware attack that exploited the split-second interval when unencrypted data was passed between junction points of the computer networks. Cunning, effective and virtually undetectable, this new threat demonstrates the extent to which cyber-criminals are upping their game to obtain millions of credit/debit card numbers, PINs and other personal information.
Now, you may be thinking: “I operate a small business. I don’t have to worry about anyone attacking me.” And, you’d be 100% wrong. Any business that collects and stores customer data is vulnerable to a cyber-attack. Granted, theft of customer information from a small business is unlikely to be the lead story across the nation, but for the business (and its customers) the results may be more catastrophic.
Although the headline-making breaches were highly sophisticated, most attacks simply exploit lax security practices. In fact, Verizon’s 2013 Data Breach Investigations Report found that 78 percent of the attacks were of very low or low difficulty. That means that in more than three-quarters of all breaches, attackers used basic methods that required few resources and no software customization.
That’s the bad news. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices, such as having a firewall and encrypted email. In addition to those threshold actions, here are four simple ways to reduce your risk of a data breach.
Enforce a strict password policy. Back in the day, the protagonist in the movie “War Games” stole the password to his school’s computer system by simply looking at the password list taped to the school secretary's desk. While computer hardware and software have evolved astronomically since this 1980s classic, people have not.
In fact, the 2013 Verizon report found that three-quarters of all the breaches could be traced to weak or stolen credentials. Protect yourself by enforcing a password policy that requires long passwords (with both letters and numbers) that must be changed frequently without reusing prior passwords. Train your workers regarding the importance of keeping passwords safe.
Protect information used remotely. Sloppy data practices extend beyond password issues. Bringing work home via a USB drive or by emailing it to a personal email account can expose the data to security risks. An employee’s use of a personal mobile phone or tablet can also expose your data.
Begin by conducting an audit of how everyone in your business accesses data and then develop policies to ensure appropriate safeguards are in place. Require an enterprise-level firewall, anti-virus and malware programs on all devices that access company data.
Be aware of social engineering schemes. You've seen it dozens of times on television—an intruder gains access by pretending to have misplaced his (or her) key. That's a classic example of social engineering: using a pretext to trick an unsuspecting person.
These tricksters exploit basic characteristics of human nature: the tendency to think well of other people and to want to help. (Two traits often stressed in providing quality customer service.) By implementing a policy that prohibits supplying information—particularly any system credentials—without approval, you provide front-line employees with a way to decline requests that might lead to data compromises.
Keep your malware protection and all software updated. Although the programs used to hack major retailers were sophisticated enough to elude detection, most attacks against small businesses can be thwarted by commercially available anti-malware programs. In the same spirit, it is essential to keep all your software programs updated. For example, a major security flaw was found recently in the Apple operating systems, prompting Apple to release a patch. But Apple’s software patch won’t help if end users do not install it.
Implementing these suggestions should help you secure the data your business relies upon. However, if your business requires that you collect and retain a significant amount of customer data, particularly payment data or medical information, consider hiring a computer security consultant to review your systems and make recommendations for enhancing your data security.