[BreachExchange] No Business Is Too Small For Hackers

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 3 21:20:43 EDT 2016


http://www.bsminfo.com/doc/no-business-is-too-small-for-hackers-0001

It's National Small Business Week, which means it’s time to celebrate the
hard work you do and ensure that your business continues to grow.

Have you ever thought about what would happen if your business were
affected by a data breach? We all constantly hear about well-known brands
being breached. You may think to yourself, “Oh that would never happen to
me … the big guys are the easy targets for hackers.” In a way,
cybercriminals do love going after “the big guys,” mainly because the
bigger the company is, the more credit card information they house — hence
more money to go after.

But in reality, the easiest targets are small businesses. Big corporate
brands have extensive IT teams working to make and keep their networks
secure, thereby creating greater obstacles and difficulties for a hacker.
Yet, as you can see from the news headlines, they often still manage to get
in.

Now imagine just how quickly these cybercriminals can get into multiple
networks of small businesses — especially since these smaller companies
typically lack IT staff monitoring their network activity. Easy targets,
right?

Do you ever hear about the small restaurant down the street that got
breached? Not really, but just because it isn’t front page-worthy news does
not mean that small businesses aren’t being compromised as well. The sad
truth is a breach will hurt a small business and its reputation. According
to First Data Market Insight, $36,000 is the average cost of a data breach
for small businesses. Could you imagine the effects on your profits? What
about your customers? You may not make it in the news, but your customers
will find out. On top of the costs of a data breach, your regular customers
may stop shopping or dining at your store or restaurant. In fact, 31
percent of customers have terminated their relationship with a business
after it was breached.

Be sure to take the following measures to prevent a data breach at your
small business:

1- Maintain a strong firewall — the PCI data security standards prescribe
firewalls for compliance. A managed firewall is the first and most
important line of defense for your network.
2- Conduct regular scans of your network — the best way to determine if
your systems have been compromised is to scan them regularly for
vulnerabilities. For relatively low annual fees, a security vendor will
remotely scan all of your external systems’ access points to determine if
any are vulnerable to intrusion.
3- Limit remote access — many restaurants and retailers leave their
firewalls open to outside entry by managers working remotely or vendors who
routinely perform maintenance on systems. Create strong passwords instead
of using the default codes, and change them often. Similarly, always change
default firewall settings to allow only essential access, and limit remote
access to secure methods such as VPN.
4- Ensure all credit card data is encrypted — if you have older POS
equipment that sends raw credit card data to a back-office server, it may
be time to upgrade. Modern, secure POS systems encrypt credit card data as
soon as a card is swiped, and they immediately send that data to the
payment processor without temporarily storing data. Double-check your POS
system to make sure it complies with PCI standards.
5- Segment your network — for example, make sure your POS data traffic is
separate from your Wi-Fi, security cameras, digital menu boards and other
connections. If you want to enable managers to connect to the POS via
Wi-Fi, connect them through a virtual LAN that separates authorized traffic
into a security zone.

Does this sound like adding a lot more duties to your plate? Luckily, you
can always outsource these duties to a specialized team whose main job is
all of the above and more. The cost of a data breach will always be higher
than the cost of protecting your data in the first place. Managed service
providers will take care of security, so you can take care of your business
and customers.