If you’re a small business, don’t be under the illusion that you’re too small to be singled out by hackers. You could be one of the growing number of small businesses that have moved into the cyber crime spotlight.
According to Symantec Security Response, 50% of all targeted cyber attacks are on businesses with fewer than 2,500 employees. In 2012, businesses with fewer than 250 employees saw an increase in attacks from 18% to 31% in just one year.
The top businesses and occupations targeted are:
- Manufacturing – received the greatest number of attacks in 2012; at 24% of the attacks, it got twice as many as government organizations.
- Finance, Real Estate, and Insurance – hit with 19% of the attacks.
- Research and Development – highest target for job occupations at 27%.
- Sales Representatives – 24% of targeted job occupations.
So what are cyber criminals looking for? When you look at how the stolen data is used, it tells us they want trade secrets, product plans, and customer and employee data: all the proprietary information that can be used to help competitors gain an advantage or be sold to unscrupulous organizations. Your social security and driver’s license numbers, addresses, credit card numbers, health and financial history, purchase information, and other private details are up for grabs.
The news continually warns us about data breaches that occur at all levels, including major retailers, hotel chains, government organizations, and other businesses. In July the headlines were about the breach of government systems affecting 21.5 million people, which is related to the previous month’s government breach that compromised the sensitive information of an additional 4 million.
This government incident is “not without precedent,” and “cybersecurity in both the private sector and the public sector” must be raised, said Michael Daniel, the White House cybersecurity coordinator.
Cybersecurity has been a documented issue going back to 1997. In a cover letter to the President on the Report of the President’s Commission on Critical Infrastructure Protection, it reads, “We did find widespread capability to exploit infrastructure vulnerabilities. The capability to do harm—particularly through information networks—is real; it is growing at an alarming rate; and we have little defense against it.”
So what are we doing about it? What measures should you be taking to protect confidential business data and private personal information?
INTERPOL, the world’s largest international police organization with 190 member countries, is committed to becoming a global coordination body on the detection and prevention of digital crimes. They advise that we do two things to protect our business and personal data.
Update your OpenSSL.
For website owners, it’s important to run an updated OpenSSL. The Heartbleed vulnerability in this encryption software, which is used by the majority of online web servers, is leaving nearly everyone open to one of the biggest cyberattacks in the internet’s history.
Heartbleed lets an attacker anonymously download a random chunk of memory from the server, including secret keys, passwords, and other personal information. The secret keys are the most problematic because they open the door for even more secret information to be revealed.
The bug went undiscovered for two years until being uncovered in April of 2014, and it’s predicted that the ripple effects could continue for years. Vulnerable versions are still being used on websites, most likely small e-commerce sites that don’t have the administrative support to patch things up.
If you’re concerned about a website, you can use this handy Heartbleed checking tool to check if it’s vulnerable.
Speaking of updating, keep all your software programs and websites up to date and backed up for added security.
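For a server you administer, the OpenSSL advice above starts with knowing which version is installed. The script below is an added example, not part of the original article: it classifies an `openssl version` banner against the Heartbleed range. The affected range (1.0.1 through 1.0.1f and 1.0.2-beta/beta1, fixed in 1.0.1g) comes from the OpenSSL project's advisory rather than from this page, and the function name and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the Heartbleed range.
# Range per the OpenSSL advisory (an assumption relative to this article):
#   affected: 1.0.1 through 1.0.1f, 1.0.2-beta, 1.0.2-beta1; fixed in 1.0.1g.
# Caveat: distributions such as Debian and RHEL shipped patched packages that
# kept the old version letter, so "affected-range" means "confirm against the
# package changelog", not "proven vulnerable". The check also only sees the
# openssl binary on PATH; a web server may link a different copy of the library.

heartbleed_status() {   # hypothetical helper name
    ver=$1
    # Accept the full banner ("OpenSSL 1.0.1f 6 Jan 2014") or a bare version.
    case $ver in
        "OpenSSL "*) ver=${ver#"OpenSSL "}; ver=${ver%% *} ;;
    esac
    ver=${ver%-fips}    # suffix used by some vendor builds
    case $ver in
        1.0.1|1.0.1[a-f])       echo affected-range ;;
        1.0.2-beta|1.0.2-beta1) echo affected-range ;;
        1.0.1-*)                echo unknown ;;      # 1.0.1 pre-releases: check by hand
        [0-9]*.[0-9]*.[0-9]*)   echo not-affected ;; # 0.9.8, 1.0.0, 1.0.1g+, 1.1.x, 3.x
        *)                      echo unknown ;;      # not an OpenSSL version string
    esac
}

# Constructed sample banners, so the script is useful without OpenSSL installed.
for banner in \
    "OpenSSL 1.0.1f 6 Jan 2014" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013" \
    "LibreSSL 2.8.3"
do
    printf '%-36s %s\n' "$banner" "$(heartbleed_status "$banner")"
done

# Classify the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_banner=$(openssl version 2>/dev/null)
    printf '%-36s %s\n' "local: $local_banner" "$(heartbleed_status "$local_banner")"
fi
```

An `affected-range` result on a distribution package should be followed by a look at the package changelog or the vendor's security notice before concluding the server is exposed.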
Change your passwords.
INTERPOL says to use unique passwords for each of your online accounts and to change them often. While this may be wise in theory, in reality it’s difficult to carry out. Start by changing important accounts, ones that have financial information on them, for example.
Create strong passwords that are at least eight characters long and use a combination of letters, numbers, and symbols. Don’t use words from the dictionary (the use of symbols comes in handy here) and don’t use personal information that is readily available, such as your name, birth date, or apartment number.
What else can you do? Here are a few more preventative measures to use in protecting yourself from cybercrime.
Get two-factor authentication.
When a site offers this step, use it. If you are a site owner, enable it for your customers and subscribers. One of the largest attacks on banks occurred in 2014 when failure to enact two-factor authentication on one of the bank’s servers caused a weak point in the bank’s security, allowing the hackers to access 90 other servers in their network.
Be careful what you click on.
One of the ways hackers manage to steal information is by infecting your computer. Malware such as remote-control Trojan programs, worms, viruses, and botnets can affect computers using sophisticated techniques.
Spam email, infected files on downloads, and malicious pop-ups and links can all infect your computer, which in turn can be used by hackers to launch DoS attacks or send spam with even more malware.
Always think twice before going to a website that’s unknown to you, and if you do, type a legitimate address in a new browser tab instead of clicking on a suspicious link. Never trust an email from an unknown source.
Put barriers in place.
Utilize the best tech barriers you can afford, like this cloud-based security app for mobile phones. Anyone operating their computer without some serious security software is taking a huge risk. Install and regularly update virus protection and adware/spyware removal software programs to keep malicious applications from invading your privacy.
Good luck — it’s a digital wild west out there.