Verizon and the US Secret Service have released their annual report on data breaches, with some interesting findings for small business owners.
First, the bad news. This, directly from the report:
“Criminals may be making a classic risk vs. reward decision and opting to “play it safe” in light of recent arrests and prosecutions following large-scale intrusions into Financial Services firms. Numerous smaller strikes on hotels, restaurants, and retailers represent a lower-risk alternative, and cybercriminals may be taking greater advantage of that option.
Therefore, one should not conclude that larger organizations were breached less often in 2010, but rather we saw a virtual explosion of breaches involving smaller organizations.”
Just where you want to be, at the epicenter of an “explosion” of criminal activity.
The move to targeting small businesses makes sense from the criminal perspective. They’ve created economies of scale by using refined and standardized attacks against smaller and weaker targets. Or, as the Secret Service puts it, “This shows willingness in the cybercriminal underground to go after the smaller, easier targets that provide them with a smaller yet steady stream of compromised data.”
Now, the good news. 90% of attacks are not highly sophisticated and the intrusion method is relatively straightforward. Implement the basics so attackers are not granted an easy entry to your business.
1) Encrypt portable devices and backups.
2) Keep your software patched.
3) Restrict user rights to the minimum necessary for the job or task at hand.
4) Make sure no application or piece of equipment still has its default password. This includes routers, firewalls, copiers and multifunction devices.
5) Filter and block web access to be consistent with the goals of the business or office.
6) Keep your staff aware of current security threats.
7) Keep your AV software up to date.