Tips for Avoiding Cyber Crime
- Author Dawn Brister
- Published August 8, 2010
- Word count 1,193
Editor's note: One-third of all data breaches occur in small businesses: the following piece provides excellent tips for protecting your small business. It was written by freelancer Jason Turbow for BizWise, the monthly Cisco newsletter for business owners.
In January, a credit card payment-processing company found malicious software on its network. It had compromised the private customer information held by more than 200 financial institutions. A month before that, a U.S. payment processor suffered cyber attacks on its ATM records that affected 1.1 million people and resulted in $9 million in customer losses. A cyber-crime battle has broken out across business networks nationwide, and it's not just enterprises in the line of fire. A study by Verizon Communications released in April found that one third of all 2008 data breaches came at the expense of businesses with 100 employees or less. The scale of these breaches might not compare with those at their enterprise counterparts, but for small businesses, the sting of malware, botnets and Trojan horses can be just as sharp.
"A small business' attention to customers has to remain paramount," says John N. Stewart, vice president and chief security officer at Cisco. "Security aimed at protecting your customers' information - as well as your own - must be an integral part of how you operate."
Even as threats grow more exotic, small business owners can take some basic steps to reduce the risk of falling victim.
Step 1: Treat Your Business Like a Business
For many small businesses without dedicated IT personnel, the answer to technological needs is often a trip to the local retail store for an easily deployed piece of hardware. This saves on installation hassles, but it can also open up sensitive information to outside intruders. As a whole, built-in security features on devices designed for home use don't come close to those made for even the smallest businesses.
"You can still walk into many small businesses and see an entry-level device that's fine for a home, but totally insufficient for a business entity," says Ryan Halper, president of Cynnex Networks, a technology-support company in Seattle. "You need to go one step beyond that if you have any type of business-critical, sensitive information to protect."
Even business-class hardware that doesn't provide security as a primary function - routers, for example - can provide important layers of protection when it comes to securing a network.
Step 2: Protect the Perimeter
An effective firewall essentially serves as a virtual barrier between your network and the outside world. "Firewall protection should be obvious, but with many of our small business customers we see less than what we consider to be minimum perimeter security," says Cynnex's Halper.
Even entry-level business-class firewalls provide essential security features such as packet inspection (to verify every piece of data that passes through them) and intrusion protection. Firewalls can also function on a "white-list" basis, allowing nothing but data from approved domains to enter the network. This is especially important when it comes to the subset of malware-infected sites and e-mail attempting to pass itself off as having come from a legitimate organization. "It doesn't matter what it looks like, it matters what it is," says Stewart, the Cisco chief security officer.
Step 3: Stay Updated
The people who create malware are both smart and relentless. Should new security technology effectively block their efforts, they simply adjust their tactics until they're able to avoid the existing traps. For an example, look no farther than spam. Just a couple years ago junk e-mail was among the top security issues facing business networks, until a spate of anti-spam vendors stepped in and eradicated much of the risk. Problem solved? Not quite. Spammers got more creative, and soon the anti-spam contingent was once again scrambling to keep up.
"I just need to look at my in-box for confirmation of this," says Charles Kolodgy, research director of security products for market research and analysis firm IDC. "I'll get a lot of items that should have been filtered, then three to five days later, my e-mail will go back to normal as the anti-spam programs figure out what this spam is doing and either block or quarantine it."
"If the company whose security measure you're using says there is a new version, you have to get it, evaluate it, and ideally, deploy it," says Stewart. "You absolutely have to keep your security posture current."
Step 4: Pay Attention
Botnets - collections of malware-infected machines that can be unwittingly controlled by a third party for nefarious activities such as mass spamming - are especially dangerous because there's often little tactile evidence they're even present. The best botnets work in the background, offering slightly slower processor speed as the primary clue to their activity.
"You really have to look at your logs, which is something small businesses aren't usually doing," says Kolodgy. "See what communications are going on. Look at network traffic going to strange IP addresses at various times during the day - places that a business might have no reason to contact, like Russia or China."
Numerous security companies have placed defense against botnets among their priorities, making updated anti-virus subscriptions and software patches all the more vital.
Step 5: Protect Yourself from the Inside
In January, a study from Purdue's Krannert School of Management quoted 46 percent of the American companies it surveyed saying that "laid-off employees are the biggest threat caused by the economic downturn." A prime example of this happened last year when Terry Childs, a disgruntled network administrator for the city of San Francisco, sat in jail for five days while refusing to divulge the passwords he used to effectively lock the government out of its own municipal data. Most small businesses don't have an employee with the same combination of knowhow and ill intentions, but that hardly grants them immunity from the problem. Cynnex's Halper recommends that companies employ a containment strategy, allowing employees to access only the portions of the network necessary to their duties. Similarly, network privileges can limit the types of tasks that can be executed from a given workstation, eliminating many options for those who seek to do something outside the scope of their regular job duties.
But it isn't just disgruntled employees who may create security breaches; employees who don't know how to properly protect assets can also pose a risk.
"The blending of work vs. home and public vs. private means that data can be accessed, transmitted, stored and stolen from anywhere at any time," said Stewart. "As a result, the approach to data protection must change."
That means businesses must foster a security-aware culture in which protecting data is a normal and natural part of every employee's job, providing the tools and education that employees need to keep their businesses secure.
"Everyone in the company has to understand why they're protecting what they're protecting," says Stewart. "It's one thing to tell everyone to lock the door on the way out, but they really have to understand why they're locking the door. They need to know that if we lose this data, it's business-impacting and possibly business-threatening. We must understand that we're not just protecting our customers - we're protecting ourselves."
Dawn Brister, Editorial Director of Cisco Innovators Forum, and her team of guest bloggers interviews experts, entrepreneurs and authors on how to run a small business better. To learn more about small business best practices and the technologies behind them, visit www.CiscoInnovators.com.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- How to prepare for a house clearance, a few tips from experts
- Adapting to Rising Parcel Rates in 2024 with Business Central and Order Ship Express
- Not All LED Lights Are Created Equal
- Zoviz Launches New Solutions Day by Day to Users as An AI Logo Maker
- Campervan Maintenance: All You Need to Know
- Fighting the Silent Epidemic: Safeguard Your Child's Future with Vitamin D Screening at KinderCure | Dr. Garima Mengi
- 5 Inspiring Stories of Women Who Achieved Gorgeous Lashes with Careprost Eye Drops
- Is Your Finance Strategy Ready for ERP Software?
- A Beginner's Guide to Starting a Career in Web3
- The Vital Role Of The Courier Industry: Connecting People, Businesses, And Communities
- Learning From Successes And Setbacks: The Importance Of Post-Bid Analysis In Professional Bid Writing
- Music And Identity: Exploring The Role Of Music In Shaping Culture And Identity
- Demystifying Dental Myths: Separating Fact From Fiction
- Expert and Little Known Tips for Limestone Floor Maintenance
- Explanation of how to improve the quality of low-resolution videos
- Do Compelling Marketing Pictures Unlock Sales Potential?
- Combining Science and Aesthetics: The Practical Benefits of Veneers
- These are my thoughts about the audience, topics, and purpose of my writing.
- Enhancing Child Health with Mindfulness: Insights from KinderCure’s Dr. Garima Mengi
- Blast Off into Adventure: 15 Must-Read Science Fiction Books!
- The Journey to Self-Love: Embracing Your Inner Worth
- Is Laser Eye Surgery A Permanent Fix?
- Gaslighting Tactics Exposed: Strategies for Combatting Psychological Abuse
- The Remarkable Role of Cellulose in Weight Management
- Advanced Rolfing Fort Worth Dallas & Power Yoga
- Advanced Rolfing Fort Worth Dallas Is The New #1 Paradigm Pain Manager
- 5 Powerful Benefits Of Certified Advanced Rolfing In Fort Worth: Discover A New Level Of Well Being
- 7 Life Changing Benefits of Advanced Rolfing Fort Worth Dallas You Need to Experience
- Advanced Rolfing Fort Worth Dallas | 10+ Benefits For Orthopedic Health
- Advanced Rolfing Fort Worth Dallas & Advanced Rolf Movement