Cyber Crime: Keeping Your Ones and Zeroes Safe

By Natalie Burg, July 15, 2014

When it comes to cyber crime, many small businesses believe their size protects them. What could a small company have to offer hackers? And with the millions of businesses in the world, what are the odds it would be a target?

The National Small Business Association has an answer to that question that could be a wake-up call for many: According to the group, 44 percent of small businesses report having been the victim of a cyber attack, resulting in service interruptions, information falsely sent from their domains or email addresses and downed websites. The average cost of these attacks to businesses is $8,699.48.

The NSBA’s findings aren’t unique. CNN Money reports that studies from Verizon and Symantec both found small businesses are at risk for cyber attacks.

“Small businesses retain very valuable information for hackers, like customers’ credit card numbers, intellectual property and money in the bank,” Vikram Thakur, Symantec’s principal security response manager, told CNN Money. “Small companies are lucrative victims, too. That’s making the target on their back even bigger.”

The best way to remove that target is to start targeting cyber crime yourself. By taking your business’s security into your own hands, you can defend your company against cyber criminals.

Apply Mobile Security Standards

According to a recent study by Forrester, U.S. mobile phone and tablet commerce will top $293 billion by 2018, so if you offer online sales, chances are high that many of those purchases are made via mobile devices. This creates opportunity for hackers.

“As these devices are not solely used as point-of-sale tools but also to carry out other functions,” stated PCI Security in a 2013 press release, “they introduce new security risks. By design, almost any mobile application could access account data stored in or passing through the mobile device.”

That’s why PCI developed “PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users,” a white paper written to help educate merchants on ways to best prevent card data from exposure. The guidelines address three main mobile transaction risks: data entering the device, residing in the device and leaving the device.

By applying these standards, you can help keep your business’s and your customers’ data as safe as possible.

Plug Immediate Weak Points

Some security weaknesses are quick and easy to patch up, such as setting stricter password policies in your workplace.

“A state-of-the-art security system won’t much matter if a hacker gets a hold of an employee’s password,” wrote Kevin Casey for Information Week’s Dark Reading. “That’s much more likely to happen if you take a laissez-faire approach—or none at all—to creating and protecting passwords.”

Policies should dictate that passwords be complex, never be reused and be changed regularly, he said. Email accounts should be closely watched, and password wallets should be used for workplaces that require multi-party access to accounts.

Firewalls are another easy way to ramp up against cyber crime. Available as either hardware or software, firewalls can be a business’s first line of defense.

“Think of it as the electronic equivalent of a sentry at the gate,” wrote Fred Decker for the Houston Chronicle. “It inspects all the data passing in or out of the network, ensuring that the traffic is legitimate. When properly configured, a firewall should allow your users access to all the resources they need while still keeping out any malicious users or programs.”

Have a Dedicated Financial Transactions Computer

A sure way to keep a hacker from getting into your system through one program and then making their way to your financial transaction data is by keeping the two completely separate. According to Security Management, a SANS Institute report recommends having a separate operating system for financial applications, free from other email and web use, calling it “the single most important protective measure” for businesses.

“Perhaps the easiest and most secure way to use a separate hardened OS for financial transactions is to use a separate computer, according to the SANS report,” wrote John Wagley for Security Management. “Attackers would then have to independently attack the hardened OS.”

While buying an additional computer is a disadvantage, Wagley pointed out that companies can save money by using an open source Linux OS and open source applications.

Use Affordable Security Tools

Large companies can invest significant resources into fancy cyber security, but most small businesses don’t have that luxury. That doesn’t mean you’re out of luck. There are plenty of affordable security tools available from companies including Random.org, Symantec and CloudFlare.

According to Business News Daily, CloudFlare can automatically detect attacks, block them and create up-to-date security reports. Random.org helps companies generate secure passwords, while Symantec for Small Business offers comprehensive security packages built for a small-business budget. Other resources include StaySafeOnline.org, a National Cyber Security Alliance project full of small-business security tools, and the Federal Communications Commission’s Small Biz Cyber Planner, which can help small-business owners make a custom cyber security plan.

Preparing for a cyber attack can be an eye-opening experience for many small business owners, especially when you realize how much it could cost. With just a few easy policies and tools, however, staying secure doesn’t have to be an overwhelming task. From ramping up company passwords to utilizing affordable security tools, your small business can be just as secure as you’ve always believed it was.