Small business owners might think they are flying under the radar of cyber criminals, but, unfortunately, no one is immune to computer attacks. Cyber criminals are trying to get data such as financial records, computer logins and passwords. They also use small business owners’ computers as jumping off points for additional attacks so the virus can’t be traced back to them. Here is a look at some computer threats small businesses might face in 2013, according to FOXBusiness.
Ransomware is a relatively new cyber attack that could become more common in 2013. It started in Russia and is making its way to other countries, says Tom Powledge, Symantec’s VP of product delivery, SMB and .Cloud. Basically, a cyber criminal would infect the business owner’s PC, take it over and encrypt the program files on the computer so it locks up. An example of a ransomware type attack is one in which an annoying box appears in the center of the computer screen. In order to get rid of it, users have to “complete an offer,” which means spending money or giving up personal information. In return they get a code that will unlock the malware and make the box disappear.
In addition, 2013 is likely to bring a new trend of personal and corporate data stored on smartphones and tablets being targeted, according to Kaspersky Lab. Kaspersky predicts that new sophisticated attacks will not only go after the Android platform but Apple devices as well. Mobile adware bombards the mobile phone user with advertisements similar to pop up ads infected PCs had to endure years ago. Cyber criminals also are expected to continue to try and steal data when people are using their mobile phones on public Wi-Fi networks.
By setting up proper defenses against cyber criminals and attacks, however, shopkeepers can protect their businesses from destructive data breaches. As reported by FOXBusiness, Alan Berkson, founder and principal at Intelligist Group, recommends implementing the following security precautions.
- Most security breaches come from within, so it is important to educate employees on the proper use of the Internet, logins and passwords.
- Planning and risk assessment are an important aspect of the security equation. Determine what you are trying to protect, sensitive data, at rest or in motion, and what critical business applications you cannot do without for a period of time.
- If considering moving data and applications into the cloud, a risk assessment will allow you to understand where to focus your security controls and decide what is suitable for the cloud. Make sure your cloud service provider’s policies and controls align with your requirements as well as your budget. Remember, no matter how good your service provider is, the final responsibility for your enterprise is yours. Maintain your own documentation, security controls and, where possible, do not give the encryption key to your cloud provider.
- Policies covering password complexity, identity management, two factor authentication and even how often passwords need to be changed play a strong role in overall enterprise security.
- Monitor your security system. The sooner you know about a problem, the more quickly you can act to limit damage.
- Data recovery should be part of your security plan so back up your data.
- Anywhere your enterprise touches the outside world represents a threat. Whether it’s viruses, malware, malicious interlopers or simply script kiddies, be sure you cover the basics of endpoint protection.
- Whether as in internal process or executed by third party, intrusion detection and penetration testing should be a staple in your security regimen. This should include both internal and cloud services. Many cloud service providers will supply reports of recent tests upon request.
Small business owners, while not immune to cyber attacks, do not have to let cyber criminals impact their businesses. By putting security measures in place, independent retailers can enjoy a safe and prosperous New Year.