Aug 23, 2013

How Worried Should Small Businesses Be Regarding Cyber Security?

This isn’t breaking news: cyber attacks are on the rise. By some estimates, network-based attacks, such as DDOS (short for Distributed Denial of Services), which have the ability to take down large computing networks, have increased by 700 percent this year. Targeted DDOS attacks against internet service providers, domain registrars, web hosting providers, and individual businesses have been known to cripple thousands of websites simultaneously for extended periods of time. Instances of hacking—or cyber intrusion tactics—have also become increasingly brazen and widespread. In July, 2013 federal prosecutors indicted five hackers in what is being called the largest data-theft ring in U.S. history, their victims as varied as J.C. Penny, JetBlue, and NASDAQ. Even major technology brands, like Apple, who possess near-limitless resources to protect themselves against such attacks, are vulnerable. A recent security breach shut down its developer website, causing the Cupertino giant to issue an apology with an admission that personal data of some of its third-party app developers—a relationship worth billions to Apple—may have been accessed. So, as small-business owners, how worried should you be? After all, if Apple is vulnerable, what chance do small businesses stand? A recent report from cybersecurity firm McAfee might offer us a good point of reference. According to this report, released earlier this month, the costs associated with criminal cyber activity in the U.S. alone may be as much as $140 billion—and a half-million American jobs—annually. The report also included this interesting point of comparison: the annual costs of car crashes in the U.S., which is estimated to be anywhere between $99 and $168 billion. Auto accidents, as it turns out, provide us with a nice analogy when it comes to how much we should worry about—and how we should prepare for—malicious and targeted cyber activity against our businesses and livelihoods. With driving, most of us choose to mitigate our risks a number of ways. It involves training, awareness, the safety standards of our vehicles, and, of course, insurance coverage. As most of us understand, our chances of being involved in an auto accident are relatively high; and, as it turns out, so are our chances of being a victim or target of cybercrime. In fact, it’s much more likely that your small business will fall prey to a cyber attack. According to a survey authored by the Ponemon Institute, a research firm that conducts independent research on privacy, data protection, and information security policy, more than half of U.S. small businesses experienced at least one data breach. In today’s world of constant risk-assessment, that’s a pretty big risk to be left unmitigated. Luckily, there are a few relatively simple—but critical—steps your business can take immediately to protect itself. How to Prevent Cyber Crime Prevention will always be your best line of defense against cyber criminals. Like any other criminal activity, those most vulnerable tend to be the first targeted. Ideally, you’ll want to work with a IT security expert to assess your specific needs and vulnerabilities, but there are certainly some universal steps you can take that will greatly reduce your likelihood of attack. Prevention, Step One: Education and Training You wouldn’t let your unlicensed employees drive your company van, would you? Like driving, you and any employees that have access to your business network must have a foundational education before taking the wheel. What are your security policies? Are they well defined? Do all your employees understand the most common hacking tactics, such as phishing, social engineering, or packet sniffing (to name just a few)? Education and awareness across your staff will go a long way to protect yourself against many types of cybercrime. Prevention, Step Two: Securing Computers, Digital Assets, and Networking How safe is your vehicle? Sure, small-business budgets are tight, and finding ways to save is always going to be a priority for small-business owners, but most of us wouldn’t drive without our seat belts securely latched or in a car without basic safety features. There are some things you can’t simply cut corners on—and it will save you an incredible amount of money in the long run when considering the risks. Is all software housed within your network continually up to date? Exploits in software are very common ways hackers gain access to systems and sensitive data. Updating software on network-connected machines should always be a top priority. Do you have business-class antivirus software installed (and up to date) on all office workstations and servers? Leading antivirus software can detect, remove, and protect your machines and network from malware. Do you scan your website or web applications for malware? Many of us are used to checking for viruses and malware on our personal computers, but don’t realize that websites and web applications are just as susceptible. Do you have reliable backups of all of your critical data? Recovering from many types of common cybercrimes often involves restoring your data from a point prior to the event in question. Not having reliable and securely stored backups of your data is a significant liability. Is your network equipped to handle network-specific attacks? Earlier, we mentioned a common type of network attack called a DDOS. Unsophisticated networks are particularly susceptible to these, as DDOS mitigation devices and tools often require enterprise-sized budgets. If you own a small business, this type of luxury wouldn’t normally be practical, financially speaking. However, with the growing adoption of cloud and utility computing services, using a quality cloud-computing partner— one that has already invested the necessary capital to protect its network—is a cost-effective solution. How to Detect if your Website or Business Machines Have Been Compromised Cyber attacks and security breaches are often difficult to detect by design, so it’s important that you’re diligent about the preventative steps already discussed. Up-to-date antivirus software will continue to detected known issues, even after your machines or website becomes infected. The most obvious indicator of a security issue is the performance and activity of your website and business machines. Is your email server sending out spam e-mail, or do you see a jump in inbound/outbound traffic from machines within your network? If yes, that could be a sign that one or more of your systems has been compromised, and is now under the control of a hacker. Are you monitoring your machines for unknown programs that have been installed? These unknown programs could be an indication of a compromised machine. Is your website, application, or server slowing to a crawl, or becoming unresponsive altogether? While there are many reasons that could cause performance issues, any extended issue in this respect could be an indication of a network-based cyber attack. Another tool to consider is a website scanning service that will check your website for security issues and vulnerabilities.