Today, Mike Cote, Vice President, Dell SecureWorks, offers growing businesses some insight into how to keep their business as secure as possible.
With the diversity of security attacks globally, it is becoming increasingly difficult and complex for small and medium-sized businesses to assemble the right in-house resources to protect themselves against cyber threats, whether it’s a data breach through the network, data leakage by employees, or lost laptops or mobile devices. We have seen an uptick in the number of court cases in which SMBs have had six-figure amounts stolen from their bank accounts by cyber thieves. The liability for these breaches is shifting to the CIOs and IT managers, as SMBs are accused of not taking the appropriate precautions to protect their data. The need for comprehensive information security is more pressing now than ever before.
According to estimates, cyber crooks are stealing as much as $1 billion a year from SMBs in the U.S. and Europe. One startling example of the effects of increased security liability for SMBs lies with a small, family-owned construction company in Maine, PATCO Construction. PATCO fell victim to a cybercrime that cost the company half a million dollars in 2009. While the bank was able to recover about $150,000, the construction company sued the bank for the remaining $350,000. In May 2011, the court ruled in favor of the bank, stating that the bank had followed the Federal Financial Institutions Examination Council (FFIEC) guidelines set in 2005 for multifactor authentication for online banking, leaving PATCO unable to recover the hundreds of thousands of dollars lost.
Another example is the California demolition firm Ferma. During the summer of 2009, an employee clicked on a link and was led to a malicious website run by online criminals who used the compromised computer to steal nearly half a million dollars from their bank. Ferma was able to recover approximately 60 percent of the lost money. However, according to Ferma’s president, the bank refused to repay the remainder and withheld at least $50,000 in additional funds until Ferma agreed to sign a document saying they would not sue the bank for the remaining losses.
A single financial attack could put a smaller organization out of business or irrevocably cut into annual profits for a medium-sized business. The implications of a financial breach can be a matter of life or death for SMBs.
Here are 8 simple steps to help protect financial data and minimize risk:
- Use a dedicated computer for financial matters such as online banking and bill pay. That computer should not be used for extraneous activities such as sending and receiving emails or surfing the Web. Web exploits and malicious email are two key infection vectors for malware.
- Avoid clicking on links or attachments within emails from untrusted sources. Even if you recognize the sender, if an attachment is unexpected or looks suspicious, you should confirm that the sender has sent the specific email before clicking on any links or attachments.
- Reconcile your banking statements on a regular basis with online banking and/or credit card activity to immediately identify abnormal transactions that may indicate account takeover.
- Advise your employees against visiting small, hosted websites that feature community forums for hobbies involving sports, computer games, etc. These small community forums are often hosted by Internet Service Providers that are not diligent about securing their hosted websites.
- If you are visiting a website and are not sure if it has been secured from viruses, observe the quality of the site. Watch out if the website appears to be quickly put together and is not sophisticated, or if it has a disclaimer that warns you to "browse at your own risk" and indicates the authors are not liable for any information you might see on the site.
- Make sure you have your security protections in place throughout the organization and install regular updates for your applications and for your computer’s operating system.
- Be cautious about installing software (especially software that seems too good to be true – e.g. download accelerators, spyware removal tools, etc.), and be cautious of pop-ups from websites asking users to download, execute, or otherwise run privileged operations. Often this free software and these pop-ups have malware embedded.
- Do your homework before selecting an anti-virus vendor, ensuring that they not only provide coverage for the key threats but also respond quickly with protections when new ones are introduced. Invest in an anti-virus product instead of using “trial versions” as your source of protection. Trial versions of anti-virus products are good for testing products but they do not receive updates, so any new virus that is introduced after the trial version was released will have total access to your PC.
The bottom line: It’s much more expensive to deal with the consequences of a financial breach than it is to prevent one. Don’t wait until the last minute to find out just how essential security is; start putting your security precautions into place before it’s too late.