Small Business Cybercrime is Going Through the Roof.
By Doug Blakey, WaterlooSecurity
Have You Been Hit Yet?
Internet hacking used to be rare; typical hackers were students looking to cause mischief. Today, the situation is very different. Motivated by greed, criminals have changed the cybercrime landscape. A recent study examines how cybercrime has increased substantially – both in volume and sophistication. (1) Traditional counter-measures like firewall and anti-virus protection are no longer enough. In fact, some organizations may be operating unaware that their security has already been compromised.
Small businesses are at particular risk. Large organizations spend huge sums and are having some success. Reuters interviewed Shawn Henry of the FBI’s Cyber Division. The report stated “Cybercriminals are now looking beyond large companies, which in the past 10 years have bolstered security on their networks…and…criminals are attacking small and medium-sized companies that don’t have the inclination, money or expertise to prevent cybercrime.” (2)
What are the cybercriminals looking for?
Industry classifies sensitive business information into five categories:
- customer particulars
- financial records
- credit card information
- private information – e.g. patient records
- intellectual property
Organizations that retain data in one of these categories are targets; those that do so in several are particularly vulnerable. For small businesses, a breach in any category can result in substantial harm.
What happens if I'm hit?
Consequences include loss of time, money, productivity and – most importantly – reputation. Every company wants to avoid the hassle of an operational standstill as account data is reconstructed. Indeed, one security breach can nullify years of hard work. Furthermore, all Canadian businesses are required to abide by privacy legislation, such as PIPEDA or related provincial statutes. (3) As of 2004, all organizations that collect personal information are obligated to take steps to ensure its integrity. In the case of electronic records, appropriate safeguards include the use of encryption and network fortification. Failure to comply with the Act can result in an intrusive audit and/or lawsuits from aggrieved parties.
So what can be done to protect my business?
Small businesses can adapt best practices and common-sense approaches developed by large corporations. Systems can be substantially fortified by taking these four effective and inexpensive steps:
- First and foremost, company staff should simulate a system restore/recovery so as to confirm that backups are complete and usable. Too often, testing the backups is overlooked. Management should directly supervise this process even if backups are the normal responsibility of an IT provider.
- Management, with the help of an outside organization, should initiate an assessment of the company’s Internet-facing network. This can reveal system weaknesses – including network exposures and other problem areas. A “criminal’s-eye-view” inspection of the network through the public Internet is an effective measure, one widely used by security specialists. A properly implemented assessment will include a step-by-step, plain-English “road map” for resolving trouble areas.
- Company principals should establish a written security policy for all staff to follow. Its provisions will include ground rules for acceptable application use, email, and hiring/firing policy. Templates for this sort of activity are readily available. With a few hours of good consulting expertise, a security policy appropriate for any small business can quickly be created. Best of all, it can easily be extended as the need arises.
- Education for all company management and staff should be provided on an annual basis. Reviewing best practices for things like email use, web surfing, and safe data handling will empower users and avoid costly mistakes. This time should also be used to refresh everyone on the company security policy.
Summary and Action Steps
Small businesses are the engine of the Canadian economy, creating nearly 70% of all new jobs in 2008. (4) Business owners must recognize the significance of the cybercrime threat to their well-being. This threat must be addressed head-on. Fortunately, the tools and expertise to effect this change are now both available and affordable. A few thousand wisely spent dollars can prevent hundreds of thousands – if not millions – in damages, lost revenue and harm to company reputation.
Bottom line, take and keep control of your network before the criminals do!
References:
(1) Walid Hejazi & Alan Lefort, 2008 Rotman-TELUS Joint Study on Canadian IT Security Practices, 2009. http://promo.telus.com/2009/Manage_Risk/index.html
(2) Diane Bartz & Jim Finkle, “Cyber Breaches Are a Closely Kept Secret,” Reuters, November 24, 2009.
(3) See: Office of the Privacy Commissioner of Canada: http://www.priv.gc.ca/index_e.cfm
(4) Dr. Sherry Cooper, Canada’s Small Business Juggernaut - A Special Report from BMO Capital Markets Economics, October 2009. http://www.bmonesbittburns.com/economics/reports/20091014/sr0910.pdf

