Cyber Security Strategies for the Small Business Market



Similar documents
Cyber Security Solutions:

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

National Cyber Security Month 2015: Daily Security Awareness Tips

Outsourcing Non-Core Functions: ADP Helps Small Businesses Hand Off Payroll and Compliance Headaches

BE SAFE ONLINE: Lesson Plan

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Online Storage Solutions:

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

2012 NCSA / Symantec. National Small Business Study

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Cybersecurity Best Practices

Cyber Self Assessment

Building a Business Case:

SMALL BUSINESS PRESENTATION

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

2012 Endpoint Security Best Practices Survey

Nine Steps to Smart Security for Small Businesses

SMALL BUSINESS PRESENTATION

Malware & Botnets. Botnets

Cyber-Security Risk in the Global Organization:

PREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Almost 400 million people 1 fall victim to cybercrime every year.

Top tips for improved network security

Top 10 Tips to Keep Your Small Business Safe

Online Business Continuity Solutions:

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Computer Security at Columbia College. Barak Zahavy April 2010

10 Quick Tips to Mobile Security

Managing Web Security in an Increasingly Challenging Threat Landscape

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Small businesses: What you need to know about cyber security

Learn to protect yourself from Identity Theft. First National Bank can help.

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Connect Smart for Business SME TOOLKIT

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

PCI Compliance for Healthcare

Stable and Secure Network Infrastructure Benchmarks

Introduction to Computer Security

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Internet threats: steps to security for your small business

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

Small businesses: What you need to know about cyber security

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

FORBIDDEN - Ethical Hacking Workshop Duration

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Why is a strong password important?

Data Security. So many businesses leave their data exposed, That doesn t mean you have to Computerbilities, Inc.

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

Identity Theft, Fraud & You. Prepare. Protect. Prevent.

What Do You Mean My Cloud Data Isn t Secure?

2011 NATIONAL SMALL BUSINESS STUDY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

The SMB Cyber Security Survival Guide

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

2012 NORTON CYBERCRIME REPORT

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Business ebanking Fraud Prevention Best Practices

Cybercrimes NATIONAL CRIME PREVENTION COUNCIL

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Managing Security Risks in Modern IT Networks

How-To Guide: Cyber Security. Content Provided by

Remote Access Securing Your Employees Out of the Office

National Cyber Security Awareness Month Kicks Off Today with Official Launch Event, Business Summit and Release of Online Safety Survey

Defending Against Data Beaches: Internal Controls for Cybersecurity

Cybercrime: risks, penalties and prevention

NEW ZEALAND S CYBER SECURITY STRATEGY

Netsafe/ AVG New Zealand. NetSafe/ AVG New Zealand. Cyber Security Research. Cyber Security Research. Supplementary Tables. March 2011.

Transcription:

ThisIsCable for Business Report Series Cyber Security Strategies for the Small Business Market White Paper Produced by BizTechReports.com Editorial Director: Lane F. Cooper Research Assistant: Will Frey

ThisIsCable for Business Reports are designed to demonstrate how new technologies enabled by cable providers help small business owners and managers address key challenges, solve problems and achieve mission critical objectives. More resources can be found at thisiscable.com/business.

page 3 Cyber Security Strategies for the Small Businesses Market introduction It s no secret that cyber-intrusions and attacks whether by viruses, malware, spyware, or other IT security breaches are on the rise in corporate America. High-profile hacks on military computers and corporate domains like Google have illustrated that new cyber security challenges are emerging as fast as experts can combat them. It s tempting to see cyber security as a problem unique to government agencies, large enterprises, or e-commerce players. While such sites are highly visible, cyber criminals are also paying closer attention than ever to so-called soft targets such as small businesses. Why? Because bad guys have learned they have more luck attacking unguarded small businesses than enterprise fortresses. Cyber crime is having enormous real consequences, which holds the potential to cripple businesses and services, says Steven Chabinsky, deputy assistant director of the FBI s Cyber Division, speaking at the GovSec/FOSE conference in Washington last March. For those of you who aren t involved in IT security, it may be hard to understand why it is so difficult to secure an organization s computer system. Chabinsky pointed out that businesses must address vulnerabilities both on the technical side and on the human side of the cyber security equation. On the technical side, businesses must secure a varied list of technologies, including web servers, e-mail servers, databases, firewalls, routers, embedded network devices, internal networks, remote access, custom applications, off-the-shelf applications, backup and storage areas, as well as telephone, PBX, and VoIP systems.

page 4 On the human side, organizations must secure their physical infrastructure, employee accesses and permissions, and connections to business and corporate partners. These are just the basics on the way to a secure network, all of which need to be monitored and updated regularly, as the technologies change constantly and so do our users, Chabinsky says. Recognize The Risk The first step for small businesses is to recognize that they re at significant risk for cyber security threats and breaches. The first step for small businesses is to recognize that they re at significant risk. Theft against our networks routinely occur while the front doors to our businesses and agencies remain well-guarded, the file cabinets remain locked, and the motion detectors remain undisturbed when we leave for the night, Chabinsky pointed out. Nothing appears to have been touched, no less stolen wholesale. And, the criminals themselves don t seem to have faces or names. As businesses large and small recognize that they are targets, more of them are rolling out IT solutions to protect their valuable assets. According to a recent study conducted by Forrester Research, 42 percent of large enterprises expect to increase IT security spending on new technologies by five percent or more this year, and 37 percent of small- and medium-size businesses (SMBs) expect to do the same. As we move out of the recession, we expect to see security investments continue to grow, although the nature of that investment is changing, noted Forrester analyst and vice president Jonathan Penn. The proliferation of consumer devices in the workplace means less central technology control, and increased risk of security problems. While data security is perennially the largest budget item for IT organizations, the greatest spending increases are in the area of network security, where 40 percent of enterprises and 36 percent of SMBs expect to spend more in 2010. More than 80 percent of businesses large and small identified the management of vulnerabilities and complex threats as a high priority in the coming year. The greatest concern for companies of all sizes is the proliferation of consumer devices in the workplace, Penn added. In general, this follows the broader trend

page 5 Only 28 percent of U.S. small businesses have formal Internet security policies. of IT losing centralized control of technology adoption, deployment, and use. It s not just consumer technology like ipods and the use of Facebook or Twitter; it also shows up in the uncontrolled proliferation of SharePoint [collaboration] sites by business groups or in the use of cloud computing services by application developers. Behind The Curve? While cyber security threats have risen dramatically, small businesses awareness and the policies and products in place to protect them have not kept pace, according to the 2009 National Small Business Cyber Security Study. This study revealed that small businesses are increasingly holding valuable information online 65 percent store customer data, 43 percent store financial records, 33 percent store credit card information, and 20 percent maintain intellectual property and other sensitive corporate content. Moreover, 65 percent of businesses claimed that the Internet was critical to their success, yet they are doing very little to ensure that their employees and systems are safe from cyber security breaches. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec, surveyed nearly 1,500 smallbusiness owners across the United States about their cyber security awareness policies and practices. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cyber security incident can be disruptive and expensive, says NCSA Executive Director Michael Kaiser. NCSA found major gaps in the areas of security policies and employee education on security best practices. Only 28 percent of U.S. small businesses have formal Internet security policies and just 35 percent provide any training to employees about Internet safety and security. At the same time, 86 percent of firms do not have any staff solely focused on IT security. Among those small businesses that do provide cyber security training for staff, 63 percent offer fewer than five hours per year.

page 6 This lack of cyber security awareness and education leaves most U.S. small businesses at risk of losing vital customer and company data. The study found that more than nine out of 10 small businesses believe they are safe from malware and viruses based on the security practices they already have in place. However, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls, and operating systems are up-to-date, and 11 percent never check them at all. Small businesses are also largely unaware of the risks associated with wireless networks, NCSA found. Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords. While 62 percent of the companies surveyed have wireless networks, 25 percent of them do not use password protection for these networks. This alone poses a significant security risk to affected businesses as hackers can easily steal information being passed through these wide-open networks. To the millions of very savvy entrepreneurs across our nation, our message is simple being smart about the online safety of your employees, business and customers is a critical part of doing business, says NCSA s Kaiser. Cyber security is not a nice thing to have for American businesses, it is critical to their survival. Online Banking Scams Pose Dangers For Small Business Cyber criminals increasingly are targeting small businesses that conduct financial transactions online. Go where the money is, the notorious bank robber Willie Sutton famously advised, and go there often. His tech-savvy, 21st century brothers-in-arms seem to have taken that advice to heart. According to Marian Merritt, Internet Safety Advocate at Symantec, cyber criminals increasingly are targeting small businesses and nonprofits that conduct financial transactions online. Popular tactics include what Merritt calls spear phishing, which is similar to the common practice of phishing used against individuals, but with a twist: criminals obtain information about a small company s staff or members of a church or other nonprofit, then use those details to craft more sophisticated emails that appear more convincing. Dangerous links could be addressed to a company s administrator and contain the company s name or other details that cyber crooks can get from the company s website or via search engines like Google.

page 7 Merritt offers the following security advice to small businesses that engage in online transactions: Use complete and up-to-date security software. Ensure that operating systems and browsers are up to date, because many patches include security improvements. Never use links in emails to access a transaction or financial web site. Always type the URLs into browsers directly. Monitor online accounts regularly; set up fraud alerts and other safety measures from the bank or investment company. Never use a shared or public computer for financial transactions or even to check balances. Log out fully from a site when completing a transaction. Invest in a password manager such as Norton Identity Safe, which can defeat a keystroke logger by automatically filling in webpage passwords with encrypted data, or bypassing the keyboard entirely. conclusion For small businesses that rely on the Internet and information technology, the cyber security challenge is one of balancing competing interests. In a tough economy, a penny saved is a penny earned. But it s also true that an ounce of prevention is worth a pound of cure. So how do small businesses best balance those seemingly competing interests when it comes to cyber security? First, by coming to terms with the fact that cyber crime never sleeps. Small businesses are soft targets that increasingly are coming under attack. Here s the good news: there are affordable policies and products on the market that can make a big difference.

page 8 For example, below is a list of the ten fundamental steps developed by the National Institute of Standards and Technology (NIST) that can help small businesses to safeguard their IT family jewels : The National Institute of Standards and Technology has developed ten fundamental steps to help small businesses protect their online assets. 1. Protect information/systems/networks from damage by viruses, spyware, and other malicious code. 2. Provide security for your Internet connection. 3. Install and activate software firewalls on all your business systems. 4. Patch your operating systems and applications. 5. Make backup copies of important business data/information. 6. Control physical access to your computers and network components. 7. Secure your wireless access point and networks. 8. Train your employees in basic security principles. 9. Require individual user accounts for each employee on business computers and for business applications. 10. Limit employee access to data and information, and limit authority to install software. sources Business online banking www.usatoday.com/tech/news/computersecurity/2009-12-30-cybercrimesmall-business-online-banking_n.htm Forrester Research www.forrester.com/er/press/release/0,1769,1320,00.html National Cyber Security Alliance www.staysafeonline.org/content/2009-smb-security-study National Institute of Standards and Technology, Small Business Information Security: The Fundamentals csrc.nist.gov/publications/drafts/ir-7621/draft-nistir-7621.pdf Stephen Chabinsky, deputy assistant director, Cyber Division Federal Bureau of Investigation GovSec/FOSE Keynote Speech www.fbi.gov/pressrel/speeches/chabinsky032310.htm

About BizTechReports.com BizTechReports.Com is an independent reporting agency with offices in Washington, DC and the San Francisco Bay Area that analyzes user trends in business technology. BizTechReports.Com explores the role that technology products and services play in the overall economy and/or in specific vertical industries. For more BizTechReports.Com white papers, case studies and research reports, visit www.biztechreports.com. About This Is Cable ThisIsCable.com Business Report Series is an initiative of CTAM, the Cable & Telecommunications Association for Marketing, which is dedicated to helping the cable business grow. Cable companies supporting the initiative include: Armstrong; Atlantic Broadband Business; Bend Broadband Business; Bright House Networks Business Solutions; Cable One Business; Charter Business; Comcast Business Class; Cox Business; Insight Business; Mediacom Business; Optimum Business; Rogers Cable; Suddenlink Business and Time Warner Cable Business Class. Small business owners can learn about the initiative at www.thisiscable.com/business.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information