Small business defense against cybercrime
Small businesses can innocently expose themselves to cybercrime when an employee opens an email that appears to be from the CEO, not updating the anti-virus program or having a laptop lost or stolen.
Eduard Goodman, Chief Privacy Officer for Identity Theft 911 has seen an increase in small businesses being targeted for cybercrime within the last five to seven years. Highly desirable data include customer information lists and personally identifiable information such as social security numbers, dates of birth and account numbers.
A recent survey by Symantec and the National Cyber Security Alliance shows 85 percent of small business owners believe their company is safe from hackers, viruses, malware or a cyber-security breach. Sixty-nine percent rely on Internet security for their business’s success.
Yet, the same survey shows 77 percent don’t have a formal Internet security policy for employees and 49 percent don’t even have an informal policy.
So how can small businesses protect themselves?
Ensuring your business has the latest anti-virus, spyware and firewall programs is one method of protection, according to Goodman. Training on how to recognize phishing emails is essential as fraudsters will send emails from someone like the CEO of a company so employees think they have to open the email.
“Question what you’re clicking on, question where it’s coming from,” says Goodman. Have an awareness to take that extra 10 seconds to ask ‘Hey did you send me something? Is it legit?’”
How will new identity theft rules affect small business?
- Minara El-Rahman is a contributor to FindLaw’s “Free Enterprise” blog. FindLaw is owned by Thomson Reuters. -
Small business owners have new federal requirements to protect against identity theft in their businesses.
The Federal Trade Commission (FTC) estimates that over 9 million Americans are victims of identity theft annually. As a result, the FTC introduced what is known as the “red flags” rule that was slated to be enforced back in November 2009. The so-called red flags rule requires that certain creditors and organizations with covered accounts implement programs that would identify, detect and address warning signs of possible identity theft in the course of business.
According to the FTC, the red flags programs implemented by such businesses must:
- Identify relevant patterns, practices and specific forms of business activity that are “red flags” of possible identity theft.
- Detect those red flags.
- Respond appropriately to any red flags that are detected and help mitigate identity theft of consumers.
- Update the program periodically in order to ensure that the program is up to date.
Are your business plans more secure than Twitter’s?
It’s not every day that a privately-owned company’s internal financial laundry is scattered across the Web for all to see.
But that’s the unfortunate scenario microblogging startup Twitter found itself in on Wednesday after technology news site TechCrunch published a slew of the company’s confidential business documents.
The files, sent to the site by a hacker who managed to gain access to some of the company’s servers, included everything from plans to launch a Twitter reality television show to notes from its executive meetings to a detailed financial outlook from February.
Reuters tech columnist Eric Auchard provides a bit-by-bit breakdown of the financial forecast here. The outlook reveals that Twitter projected to grow to 1 billion users and rake in a $1.1 billion net profit on $1.54 billion in revenues by the end of 2013.
While Twitter co-founder Biz Stone seemed to take the news in stride, saying the financial projections are now out of date, you can bet the startup’s competitors are poring over the documents with some pleasure.
TechCrunch only published a handful of the 130 files it was sent, but the whole episode should serve as a wake-up call to startups and small businesses everywhere that there’s no such thing as too much security.
Will your business be taking any new security precautions in light of the Twitter case? Please leave your stories in the comments section.
Is it ok for Tech Crunch to publish hacked (stolen) information on their website? I don’t think it is, they should have warned Twitter about possible security flaws and their servers being hacked.
It is not just small businesses, but also small charities, churches and non-profit organisations, as they tend to be more open to communications (including emails) from others.
Bob
Administrator
Tekgia
Tekgia.com