Small Business the winners of the 2010 “Cyber-Target” Award

Verizon and the US Secret Service have released their annual report on Data Breaches with some interesting findings for small business owners.

First, the bad news. This, directly from the report:

“Criminals may be making a classic risk vs. reward decision and opting to “play it safe” in light of recent arrests and prosecutions following large-scale intrusions into Financial Services firms. Numerous smaller strikes on hotels, restaurants, and retailers represent a lower-risk alternative, and cybercriminals may be taking greater advantage of that option.

Therefore, one should not conclude that larger organizations were breached less often in 2010, but rather we saw a virtual explosion of breaches involving smaller organizations ”

Just where you want to be, at the epicenter of an “explosion” of criminal activity.

The reasons for the move to targeting small businesses makes sense from the criminal perspective.  They’ve created economies of scale by using refined and standardized attacks against smaller and weaker targets. Or, as the Secret Service puts it, “ This shows willingness in the cybercriminal underground to go after the smaller, easier targets that provide them with a smaller yet steady stream of compromised data.

Now, the good news.  90% of attacks are not highly sophisticated and the intrusion method is relatively straightforward. Implement the basics so attackers are not granted an easy entry to your business.

The Basics:

1) Encrypt Portable devices and Back-ups.
2) Keep your software patched.
3) Restrict User Rights to the minimum necessary for the Job / Task-at-hand.
4) Make sure no applications or equipment has the default password. This includes routers, firewalls, copiers and multifunction devices.
5) Filter and block web access to be consistent with the goals of the business / office.
6) Keep your staff aware of current security threats.
7) Keep your AV software up-to-date

Advertisements

About securitysnapshot

Security Snapshot LLC is a computer and information security company helping concerned business owners protect their reputation and their client's private and personal information.
This entry was posted in encryption, Small Business Security Tips, Software Patches. Bookmark the permalink.

One Response to Small Business the winners of the 2010 “Cyber-Target” Award

  1. Pingback: FBI agrees with Secret Service, Small and Medium sized US businesses cyber theft targets | Security Snapshot

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s