By Janie Pritchett-Clark
Introduce something new and marvelous and someone, somewhere will exploit it. Computer and Internet technology have given warp-speed to businesses of all sizes, shapes and interests. It’s leveled the global playing field for the proverbial 4Ps. With this technology comes a new criminal industry: information theft – a multi-billion dollar industry of worms, viruses, trojans, phishing, pharming, malware and out-and-out theft.
According to the Cyber Security Industry Alliance (CSIA) the US is the target for 30% of all malicious activity, more than any other country. We’re also at the top for underground economy server activity, and theft or loss of data-storage accounts for 46% of all breaches that could lead to identity theft.
Our education sector is the weakest (30%), with the government sector not far behind (26%). A staggering 85% of credit cards advertised on underground economy servers were issued by banks in the United States.
Keeping your company safe isn’t about paranoia. It’s about taking smart precautions, using continued good common sense, and pulling in experts to help recognize and solve problems – preferably – before they arise.
“This is not an area to trust to your nephew or neighbor’s kid,” says Don Goff, Managing Partner and COO of ClearPointe in Rogers, the largest privately held business technology firm in Northwest Arkansas. “There are a lot of good things on the Internet to help with network security,” says Goff. “But if you don’t know what you are looking for seek help.”
Cisco Systems, the leading supplier and most familiar name in networking equipment for the Internet, sites five major security issues for the SMB space – small and medium-sized businesses.
1. Worms and Viruses
2. Information Theft
3. Business Availability
4. The Unknown
5. Security Legislation
Worms and Viruses
Internet’s crime of opportunity, worms and viruses are programs that float through web space looking for an open door, the opportunity to enter, and infest. They are not targeted and they probably won’t steal private information. They can wreak havoc in your company’s network.
Jason Hummel, President and chief geek ArTech PC, an IT outsourcing company in Rogers, sees the impact of these attacks on a daily basis. ArTech PC works with companies and vendors of all sizes to implement hardware, software, or anything else that arises, including PC repair.
“With the amount of computer worms, viruses, and spyware in the wild today it is becoming increasingly more important and critical to protect your computers. No matter the size of your business you must stay protected. We’ve heard it a thousand times, but I still come across businesses that do not have anti-virus protection.”
Watch that e-mail, says Hummel. “Spammers are getting better at their subject lines, and even better in their spelling and grammar, so it’s sometimes hard to notice spam right off. Be very weary of what you open, especially if it contains attachments or links to sites that require you download programs or files.”
Be sure to include laptops in your safeguards, he adds. They need the same protection, if not more. When traveling, enable your software firewall because you won’t be connecting to a router.
Information Theft
While worms and viruses are the drive-by shootings of the computer world, information theft is a targeted attack with a reason behind it.
“Usually theft for gain or retribution, at least half of the thefts of this nature are an inside job,” says Christopher Church, ClearPointe’s Director of Professional Services. “It’s somebody on the inside who has an axe to grind or is getting paid by another person to acquire that information.”
“Statistics say it’s going to happen and it’s probably going to happen to you,” says Goff. Ponemon Institute claims nearly 60% of departing employees steal proprietary company data.
Business Availability
Traditional DOS or Denial-of-Service attacks are less common now than previously, but anything that can shut down your Web site and e-commerce is a dangerous attack against your business.
Attacks that breach business computers are more common than you might think, and not so easy to discover. As Goff explains, a case in point was a law firm that was continually running out of and updating drive space. It was a costly and frustrating predicament. After an assessment from ClearPointe, they discovered their server had been hacked and hackers were actually storing (illegal) films on the drive – taking up space and bandwidth. Buying more storage seemed like an easy in-house fix, but it wasn’t.
“The bottom line comes down to two things,” says Tim Melton, ClearPointe VP of Sales. “Either information is being taken from you and that is costing your company. Or something bad is happening to the system and your company cannot function well without it.
“One of the reasons you have a system is for your business to function so you can make money. If you’re not making money because your business isn’t functioning, you’ve got a problem.”
The Unknown
Who knows what lies ahead: Malware, short for malicious software, is rampant. Malware authors are reportedly producing in bulk and successfully trading tools, skills, capabilities and resources in a network-based underground ecosystem.
Well targeted to databases, social networking services, and financial transactions, information thieves are employing increasingly sophisticated techniques. Third-party organizations such as outsourcers, contractors, consultants and business partners represent some 40% of information breaches.
As a business, unsafe, unprotected computing can put you at risk in many ways. Sometimes common sense is the only way you can you steer clear of the risk. For example, the email environment is not the best place to conduct private business. “Never trust an email that says there is something wrong with your personal information, bank account, or credit cards,” says Melton.
“And don’t click just anywhere,” warns Goff. “It’s easy to look authentic. I’m sorry to tell you this, but, no one is looking for you and you didn’t win. No matter how tempting those emails are to click on, don’t do it. If you want to be found get a Facebook page.”
Security Legislation
Government has stepped in to protect the privacy and integrity of information, and fitted the onus on the business that collects that information. Nearly every industry has its own set of guidelines and regulations on top of government mandates. Make sure you know what’s expected of you legally and what customers expect of you for their loyalty.
The Remedies
Technology is certainly an area where business decision makers can feel taken advantage of. The experts suggest working with reputable and qualified providers is actually going to save money.
“Your company needs to be working with professionals who have the knowledge and background in working with small businesses solving these types of issues,” says Church. He recommends you order an assessment of your network, which would probably run under $1,000 in Northwest Arkansas. Often the solutions will save the company money both long and short term.
“As a business owner, you are going to make a lot clearer decisions if someone assesses your needs when you are not having a problem than when you are in a crisis. If you are proactive, then you have the luxury of weighing recommendations and options, purchases that can be scheduled and budgeted, even take advantage of special offers instead of paying rush fees.”
Church’s team works often with the banking industry and credit card processing clients. They conduct assessments of networks, make recommendations, and then deploy those recommendations to make the networks secure. “You can spend a lot of money on security, but if it’s not deployed correctly then what good is it? Even if it is deployed correctly, it has to be monitored and maintained to make sure it’s doing its job.”
“How secure you want your company to be depends on how much money you want to spend, how valuable your information is, how secure you feel, how much network evaluating or monitoring you need, and the regulations for your business or industry.” says Melton.
