Welcome to our November business eNewsletter focused on cyber security and protecting your business.
Quote of the month:
“Something You Know + Something You Have + Something You Are = No Match for Something You Do” – Sean Martin, CISSP
In this Issue…
- Celebrate with Us: SpiritBank Holiday Party
- The Biggest Cybersecurity Threats for Small Businesses
- 10 Important Cybersecurity Tips For Small Business Owners
- 11 Cyber Security Questions Every Small Business Should Ask (INFOGRAPHIC)
- Let’s Focus on Cybersecurity for Small Businesses
- Equifax Data Breach Information
Celebrate with Us: SpiritBank Holiday Party
Thursday, December 7, 2017
1800 S. Baltimore, Tulsa, OK
Enjoy hors d’oeuvres and beverages in the Community Room and dessert in the Penthouse.
RSVP to Tandy Donald at firstname.lastname@example.org or (918) 295-7438 by Monday, December 4th.
The Biggest Cybersecurity Threats for Small Businesses
By The HartfordView
Cybercrime targeting small businesses is frightfully sophisticated. It is also on the rise. Here’s what you need to know.
Small businesses are increasingly in the crosshairs of cyber thieves. From ransomware and spear phishing to internet of things (IoT) attacks and crime on the cloud, smaller companies have reason to lose sleep at night.
According to the 2017 Ponemon Cost of Data Breach Study, sponsored by IBM, the average total cost of a data breach is $3.62 million. That is not a loss most companies can afford to take. The study also found that one in four companies will experience a breach.
Fueling the increase in business cybercrime is the growing role digital devices and data storage play in people’s lives. Criminals follow the money, and for them, data means dollar signs. As crime goes, cyberattacks are fairly low-risk/high-reward endeavors, especially since services like Bitcoin make it easy for criminals to remain anonymous.
Because small businesses usually have fewer resources to invest in cyber security and IT support than their larger counterparts, they are low-hanging fruit for criminals. The first step in protecting your business is education.
Ransomware is on the Rise
In ransomware attacks, criminals infect a computer or network with a virus that encrypts data. Then they demand payment in exchange for the return of that data, usually by delivering instructions in a pop-up window on the infected computer.
What happens next varies. If the business has a solid approach to backing up data, it may be able to ignore the threat, wipe the system clean, and start anew from its last backup. If not, a business may opt to pay the ransom, which typically ranges from hundreds to thousands of dollars, but that still doesn’t guarantee the return of its data. (We are dealing with criminals here.)
If you factor in loss of productivity and the cost of recovering files, cybercrime costs small and midsize businesses $75 billion each year. Worldwide, ransomware attacks have increased by 36 percent, according to the Symantec 2017 Internet Security Threat Report.
Phishing Gets Sophisticated
Email is the weapon of choice for criminals. Symantec’s study of billions of emails found that one in 131 emails contains malware, the highest rate in five years. Symantec also reports that more than 400 businesses are targeted by spear-phishing emails every day.
Mark Anderson, principal of Anderson Technologies, a St. Louis-based IT company, says that phishing emails have become increasingly challenging to identify. They are “designed to mimic legitimate communication to gain access to sensitive information, such as usernames and passwords,” he explains.
While phishing refers to a broader attempt at tricking people into sharing confidential information, criminals sometimes target a particular victim with a personalized approach. This is spear phishing. For example, a fraudster might pose as your business banker and send an email asking you to confirm your log-in information or review a recent transaction. The email would be addressed specifically to you, signed by your representative, and emulate the look and feel of typical communication you receive from that business.
The Role of Education
One of the most important steps a small business can take to mitigate its chances of falling victim to ransomware or phishing is employee education. “It is crucial that everyone inside your network understands the inherent risks of digital communication,” says Anderson. “All it takes is one wrong click from an employee to compromise your entire system. Teach everyone to think twice before opening an attachment or clicking a URL, even if it appears to be from someone they trust.”
Kevin Chapman, SVP and GM of Avast’s SMB Business, suggests running routine cyber trainings and restricting access to important data to only those employees who need it. “In addition, shutting down the accounts and access of former employees quickly is important, as these accounts are often not monitored after an employee has left,” he says.
What’s Next for Cybercrime?
For criminals, innovation spells opportunity in the form of security vulnerabilities. Chapman says the new generation of connected devices, known as the internet of things, is a target for cyberattacks. “Businesses should be aware that any unsecured connected devices brought into their network can be accessed. Ensuring all devices are secured with strong passwords that are regularly changed is a simple, effective way to stay safe. It’s also critical to have up-to-date security software on all devices,” he cautions.
As more businesses turn to cloud-based solutions, so, too, do criminals. Rather than just targeting end users, criminals can target cloud-based infrastructure, such as servers in the cloud that store data from many different companies. The Symantec report describes the cloud, along with the IoT, as the new frontier for cybercrime.
In addition to educating your workforce, take the following steps to help protect your small business from the year’s biggest cyber threats:
Read this article at Inc.com
10 Important Cybersecurity Tips For Small Business Owners
Massive cyber security breaches that shattered some top enterprises have thrown the topic of cyber security into popular discussion. Though only large companies find their way into the headlines, small businesses are not free from cybersecurity threats. The horrible fact remains that the impact of a cyber-attack on a small business can often be devastating. Studies by the National Cyber Security Alliance show that within six months of being hacked, over 60 percent of businesses have quit the scene once and for all.
The most common practices to combat cybersecurity issues are to deploy powerful antivirus software and to back up data on a regular basis. This is the first step any small business can take. However, there is still a lot more to do to stay protected at a time when hackers have grown technologically advanced enough to challenge any kind of proactive measure. Here are the most important cybersecurity tips that small businesses must implement across their enterprise.
Deploy Strong Passwords
Those enterprises depending on easy-to-guess passwords like ABCD or 1234 are only making it a cakewalk for hackers to crack their systems. Experts advise putting some innovation into passwords by including numerals, characters, and letters. Tough passwords make it tough for hackers to crack them. Remind your employees time and again to create new and strong passwords and also to change them often.
Keep Password Attempts to a Minimum
Most hackers try random passwords until they are able to open your account successfully. If you have implemented a six-digit PIN, you are only creating a million unique possibilities, and so your account is never safe. Today there is amazing password-cracking software that can easily guess your codes within a few minutes. Therefore, keep the number of password attempts to a minimum at every stage of the authentication process.
Rely on Good Password Management Software
Password management tools help create strong passwords and also remember them, so many businesses wish to install them for their many advantages. However, the big downside is that the passwords are stored in their databases, making it handy for hackers to get all of them if they can access that location just once. So, make sure that the password management tool you are depending on is reliable.
Make Use of On-Screen Keyboard to Enter Sensitive Information
Today there is advanced keylogging software that can record your keystrokes. Your data is therefore highly vulnerable, especially when you use shared networks. If you use the on-screen or virtual keyboard to key in sensitive data with clicks of the mouse, you defeat the capabilities of such keylogging software.
Backup Data Regularly
Data backup is something that you must never take lightly. Not only must you back up your data, you must also manage the backups effectively. For example, if you are depending on cloud storage for backup, then you are depending on a remote location to store your data. This means someone can gain access to your data easily. So, it is important that you encrypt and password protect your documents before storing them on a remote server.
Promote Cybersecurity Awareness Across Your Organization
Cyber security breaches have become more common than you can imagine. Therefore it is very important to train all the employees of your organization on these aspects through seminars and talks. Also, test the IT knowledge of the employees regularly. Clearly publish your policies regarding hacking and breach of data security in the organization.
Never Store the CVV number of Your Customers
Though getting the customer’s card details with their consent helps in making future checkouts easier, this practice can increase the risk of customer data being accessed by hackers. So, store credit card numbers without recording the CVV number. Entering the three-digit CVV number is not going to be a difficulty for the customer.
Restrict the Access to Systems and Network Elements
Never allow outsiders and unauthorized personnel to use your systems. In case this is necessary, such as when a technician attends to repairs, it is advisable to have someone supervise them while they are on the job. Once they finish the task, lock up your computer. Frequently monitor the personal devices of your employees.
Make Regular Updates to Your Software
Often you get pop-up messages that prompt you to upgrade your software. Software updates are a sure measure towards advancing your computer security. If this is not done, your system becomes more vulnerable to hacking as well as malware. Since the makers of software release updates that can tackle newer vulnerabilities, this is very important.
Secure the Networks
To prevent unauthorized access, hide and secure your Wi-Fi networks by hiding the Service Set Identifier (SSID) found in the router, encrypting the wireless access point, disabling access from a third-party network, and scanning your network thoroughly and regularly.
While most cyber-attacks target big corporations, small businesses have no reason to feel they are in the safe zone. Their security threats are by no means small. Experts say over 45 percent of cyber-attacks primarily target small businesses. They may fall victim to hacking at any time, suffering from malware, ransomware and data theft, since they most often rely on ineffective and outdated protection measures and less knowledgeable staff, which can help the hackers achieve their ends far more easily. Therefore, it is important that they safeguard their interests by implementing the few security measures that will help them stay protected.
Read this article at USNewsandBusiness.com
11 Cyber Security Questions Every Small Business Should Ask
By Shubhomita Bose
Don’t regard a cyber attack as a potential risk for your small business? Think again. Cyber crime is on the rise and hackers are increasingly targeting small businesses.
The big question therefore is: are you prepared for a cyber attack? Small business credit provider Headway Capital has compiled data to help you check yourself.
Cyber Security Questions
Here are some questions every small business owner must ask to ensure they are prepared for a cyber attack.
Does Every Employee Have a Strong Password?
More than half of all data breaches are caused by weak passwords, and yet just 24 percent of small businesses have a strict password policy in place.
Are Your Employees Required to Change Their Passwords Regularly?
Despite having a password policy in place, 65 percent of businesses do not enforce it. It should be mandatory for your employees to change their passwords regularly to protect data.
When Possible, Do You Use Two-Factor Authentication?
Add an extra layer of data security by enforcing two-factor authentication wherever possible, for example by adding SMS authentication.
Do Your Employees Use Their Personal Smartphones for Work Purposes?
Chances of malware attacks are greater when personal phones and devices are used in the office network. To prevent data theft, give your employees secure work phones with a passcode.
Are You Backing Up Your Files?
Cyber attacks can make your confidential files completely inaccessible. It is therefore a good idea to keep local backups as well as an offsite server.
Does Every Company Device Have Antivirus and Anti-Malware Software Installed?
Make sure the updated versions of antivirus and anti-malware software are installed and check devices before use.
Have You Limited the Number of Employees with Admin Access to Only Those Who Absolutely Need It?
Give access sparingly and only to those employees who really need it. Importantly, make sure those employees are well educated on security issues.
Are Your Employees Trained in Recognizing Phishing Emails?
Phishing accounts for 49 percent of all cyber attacks, and it can be tricky for an employee to identify it. It’s important to train employees to ensure they do not respond to suspicious emails.
Do Your Employees Know Never to Give Sensitive Information to Supervisors Via Email?
Sometimes hackers create an email address that looks genuine and is in the name of a colleague. Ask your team to double-check email requests for sensitive information.
Do You Encrypt Databases and Customer Information?
Without encryption, your sensitive data is accessible to hackers. That’s why you must ensure all your information is encrypted.
Are Your Websites Properly Protected?
Most attacks happen on WordPress websites. It’s therefore a good idea to install updates and stay updated on WordPress security best practices to avoid data loss.
Check your company’s cyber security preparedness by following the flowchart in the infographic by clicking here and scrolling down.
Read this article at SmallBizTrends.com
Let’s Focus on Cybersecurity for Small Businesses
If you own a small business or work for one, you’re probably concerned with protecting your business’ data. You want to make sure that sensitive information isn’t accidentally deleted, turned over to a scammer, or hacked. So this week, during National Cybersecurity Awareness Month, let’s focus on making sure you know the resources the Federal Trade Commission (FTC) has to help you and your employees understand cybersecurity, keep your business’ computers and networks safe, and keep sensitive information protected.
As we focus this week on small business’ cybersecurity, visit FTC.gov/SmallBusiness. Read the articles, download the videos, and show them to others. You can also order publications free of charge and keep copies available for your employees. And if you subscribe to the FTC’s business blog you’ll stay connected with us this week and all year long.
Read this article at Consumer.FTC.gov
Equifax Data Breach Information
Equifax Inc. (our primary credit bureau) announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Equifax is working with law enforcement, a cybersecurity firm and regulators. In the meantime, the company has set up a website, https://www.equifaxsecurity2017.com/, with more information and to help consumers know if they were impacted. Customers should be vigilant over the next several months to check their credit card statements, and the Equifax website, for trending information and resources.
Here are links to two websites with information on how to freeze your credit if you desire:
Read this article at SpiritBank.com
The views and opinions presented in this newsletter do not necessarily represent those of SpiritBank.