Consumer and business information is now worth more than it was in the past, according to security experts. With this increased value, information is the currency for criminals looking to commit fraud across the globe, and small businesses are increasingly targeted for such attacks.
This week, the FCC hosted “Cybersecurity Roundtable: Securing and Empowering Small Businesses With Technology,” as a kickoff to National Small Business Week. The roundtable discussed initiatives to protect small business owners from fraud and cyber attacks.
Brian McGinley, senior vice president of data risk management for Identity Theft 911 said the main message of the roundtable was: Small and mid-tier business owners need to step up to the plate, and can't be intimidated by risks.
"There are things they can do that are low, or no cost, to improve security significantly without a huge investment," McGinley said. "Small businesses need to increase their cyber security in terms of awareness and protective posture. Business information has become a real commodity."
In 2010, 74% of small and medium businesses reported they were targeted for cybercrimes, according to Symantec's 2010 Global SMB Information survey. The average cost of such attacks was $188,242. Of the more than 2,000 small businesses surveyed around the country, 42% lost confidential or private data and 40% experienced direct financial costs as a result.
Small business owners do not have the luxury of remaining uninformed or naïve about the risk at hand, McGinley said.
"They need to be taking responsibility for their protection," he said. "They're being targeted for fraud that was usually reserved for the big guys."
This trend of cyber fraudsters targeting small business owners has picked up since entrepreneurs began relying more heavily on the Web, McGinley said. Larger companies have ramped up their protections, leaving mid-tier and smaller companies open for theft.
"Criminals can launch [a crime] anywhere in the world at anytime," he said. "There is a 24-by-7 window open for them. And, some of the protections afforded to consumers aren't given to small business owners."
The FCC offers cybersecurity tips for small business owners on its site.
Here are five tips from the FCC's roundtable:
No. 1: Train employees in security principles.
The FCC recommends that all small businesses establish basic security practices for handling sensitive business information. All employees should be trained in the proper protocol, and there should be penalties in place for those who do not follow the principles.
No. 2: Backup important data.
Small businesses should regularly back up data on every computer used in the business. This should be done at least every week.
No. 3: Require individual user accounts for each employee.
This should be done so that not every employee in the company has access to critical information. The FCC recommends that administrative privileges be given only to trusted IT staff and personnel.
No. 4: Regularly change passwords.
Having the same password in place for extended periods of time invites hackers to try and steal information. Have employees change their passwords every three months.
No. 5: Limit physical access to computers and network components.
Prevent access or use of business computers, the FCC says. Also make sure laptops are stored and locked up when not in use, as they are easy targets for theft.