Smaller businesses have become bigger targets for cybercriminals because the bad guys know that they have fewer defense resources than large enterprises. If cybercriminals can breach a small business and steal credentials (banking accounts, email access, etc.) they can use that information to steal money directly and create attacks on your customers and employees.
The National Cyber Security Alliance/Symantec research on small businesses has shown that two thirds (66%) say that their business is dependent on the Internet for its day-to-day operations.
Today's businesses face several major online threats. Protect your business, employees and customers from online attacks, data loss and other threats by taking time to implement a security plan. Here are some tips and advice offered by the National Cyber Security Alliance
Assess Risks
•What information do you collect?
•How do you store the information?
•Who has access to the information?
•How do your protect your data?
•What steps are you taking to secure your computers, network and email?
Monitor Threats
You don't need to be a cyber-security expert to ensure that your business is protected, but it is critical that you understand the online threats to your company's network. Awareness of key threats will enable you to employ practices and behaviors that limit your company's risk.
Spam, unsolicited junk email, can be both received and distributed by businesses.
- Opening spam through your work email puts you at risk of contracting computer viruses and malware that is capable of disabling your corporate network or and allowing hackers to view and steal data.
- Distributing spam is another risk. Specific laws have established requirements for the type of commercial emails you can send to customers and potential customers.
To avoid ramifications from the FTC, all corporate emails to customers must abide by the following guidelines as stated in the CAN-SPAM Act of 2003:
- Do not use false or misleading subject header information
- Do not use deceptive subject lines
- Provide all email recipients with the option to opt off of your distribution list
- Ensure that your opt-off option is still working for at least 30 days after you send an email
- Identify your email as an advertisement and include your valid physical postal address
If you or your employees receive spam, forward it to spam@uce.gov. The FTC uses this database to pursue legal actions against spammers.
How Phishers Attack
- Fraudulent Emails: Phishers trick consumers by sending them emails that appear to be from a reputable company, such as a bank, retailer or credit card company. These emails include Web links that take consumers to a fake Web site where they enter their personal information.
- Keystroke Programs: Phishers use fraudulent emails to place programs on computers that record every keystroke a consumer types. Phishers are then able to obtain usernames, passwords and other personal data.
- Website Hijacking: Phishers can take over the Web address of a company and re-direct Web surfers to a fraudulent, but realistic site, which steals consumer information.
Reduce Your Risk of a Phishing Attack
- Monitor or register sites with similar spelling to yours.
- Provide your customers with an email address that allows them to validate that an email they receive with your branding is really from you.
- Monitor returned email messages as phishers often may hijack your email address to send bulk emails.
- Log your customer service calls and check for spikes in certain types of complaints such as a password inquiries and changes.
- Check for unusual customer account activity that has large volumes of logins, password changes, purchases, withdrawals, etc.
- Regularly search the Internet for use of your corporate logos.
Viruses and Spyware
- Viruses and spyware can enter your computer through emails, downloads and clicking on malicious links.
- Viruses can enable hackers to steal valuable corporate, customer or employee information, distribute spam, delete files or crash your entire computer system.
- Spyware programs allow hackers to monitor your online activity and steal passwords, records, and other valuable data.
Gaining Trust
Trust is an essential element of customer relationships. When it comes to Internet security, your customers trust you to protect the personal information they share with you. The following information practices will help safeguard your customers' data and help them feel confident about doing business with you online.
- Have (and follow) a privacy policy: Your company's website should have a privacy policy that tells customers what information you collect and how you use it.
- Know what you have: You should be aware of all the personal information you have about your customers, where you're storing it, how you are using it, who has access to it and how you protect it.
- Keep what you need and delete what you don't: While it's tempting to keep information for future use, the less you collect and store, the less opportunity there is for something to go wrong.
- Protect what they give you: If you're holding onto information about your customers, you need to keep it secure.
Keeping your customers safe requires your own computer systems to be fully protected. The best policies in the world won't protect your customers if your network and resources are at risk for preventable attacks.
Source: National Cyber Security Alliance
For more information about the National Cyber Security Alliance visit: StaySafeOnline.org.
You can also connect with the organization for the latest news and updates on their Facebook page and on Twitter.
Learn how to get involved in the NCSA awareness campaign: STOP. THINK. CONNECT by visiting StopThinkConnect.org.
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment