Small business defense against cybercrime

December 29, 2011

Small businesses can innocently expose themselves to cybercrime when an employee opens an email that appears to be from the CEO, not updating the anti-virus program or having a laptop lost or stolen.

Eduard Goodman, Chief Privacy Officer for Identity Theft 911 has seen an increase in small businesses being targeted for cybercrime within the last five to seven years. Highly desirable data include customer information lists and personally identifiable information such as social security numbers, dates of birth and account numbers.

A recent survey by Symantec and the National Cyber Security Alliance shows 85 percent of small business owners believe their company is safe from hackers, viruses, malware or a cyber-security breach. Sixty-nine percent rely on Internet security for their business’s success.

Yet, the same survey shows 77 percent don’t have a formal Internet security policy for employees and 49 percent don’t even have an informal policy.

So how can small businesses protect themselves?

Ensuring your business has the latest anti-virus, spyware and firewall programs is one method of protection, according to Goodman. Training on how to recognize phishing emails is essential as fraudsters will send emails from someone like the CEO of a company so employees think they have to open the email.

“Question what you’re clicking on, question where it’s coming from,” says Goodman. Have an awareness to take that extra 10 seconds to ask ‘Hey did you send me something? Is it legit?’”

Goodman also recommends have a written security policy. Businesses need to ensure they have insurance coverage.

“They (small businesses) don’t want to find out after an incident that they don’t have coverage, “ says Goodman. “ I believe in having a back-up plan and the insurance side of it is important. We’re not talking a bunch of money. We’re talking free to $50 to a couple of hundred dollars on an annual policy that protects them, that will provide for remediation in case something happens or even getting money back in case there’s fraud. “

Using computer patches to fix holes and problems are also essential according to Goodman. “The system hasn’t been updated so it’s running in an environment that was safe two years, but there are holes in the network they’re not paying attention because they’re not regularly sealing them up.”

The Federal Communications Commission also has a cyberplanner to help small businesses come up with a cybersecurity plan.

Goodman recommends that businesses contact their banks, insurance companies and local police as soon as they think their security has been breached.

The consequence of a security breach depends on the type of business.

“Some businesses are bricks and mortar,” says Goodman.  “They get hacked into, but there’s not a lot of data there. Others are online sellers, when they get hacked everything gets exposed.”


We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see

interesting idea for saving personal info

Posted by entienne | Report as abusive

Interesting article. Small business owners often don’t recognize the real threat fraud poses to their companies. Whether it’s cybercrime, check fraud, employee theft or customer shoplifting, small businesses need to be proactive in equipping themselves to avoid fraud. Thanks for illustrating how important it is for business owners to identify weaknesses in security and find the correct resources to help protect their businesses.

Camille Sobalvarro, Intuit Fraud Center
Website: spx
Facebook: ud-Center/310653812284116?sk=info
Twitter: @Fraud_Center

Posted by CSobalvarro | Report as abusive

It is not just small businesses, but also small charities, churches and non-profit organisations, as they tend to be more open to communications (including emails) from others.


Posted by Tekgia | Report as abusive