Initiative Arms Businesses With Tools to Protect Data
The Better Business Bureau and partners Symantec Corporation, Visa Inc., Kroll’s Fraud Solutions and NACHA – The Electronic Payments Association have launched a new national education initiative to help small business owners overcome any previous reluctance to taking the necessary steps to protect their sensitive customer and business data, so they won’t become the next victim of a data breach.

Data security threats affecting small businesses are both external and internal, but many owners fail to recognize the potential for a breach or take the necessary protection steps until it’s too late. The numbers:

• 33 percent of small businesses lack even simple antivirus protection. Source: Symantec Corporation, 2009
• 85 percent of data breaches occur at the small business level. Source: Visa Inc. September 2009
• 78 percent of consumers said they’d stop shopping at a store if they believed the store had experienced a card data compromise. Source: National survey of cardholders, Visa Inc., February 2009

“While data breaches affect businesses of all sizes, many small business owners aren’t taking the necessary steps to create ongoing data security policies and practices, including training their employees,” said Steve Cox, President and CEO of the Council of Better Business Bureaus. “Many small business owners recognize the importance of data security but don’t understand how vulnerable they really are, may feel intimidated by the issue or think that they lack the resources to implement a sound strategy.  As a result, data thieves often target small business owners, stealing both the sensitive financial information of the business and its customers.” 

BBB’s Data Security—Made Simpler provides small and medium business owners with the guidelines and right-size resources they need to build a data security plan and put it into action right away.  BBB’s Data Security—Made Simpler includes turn-key guidance to help small business owners:

• Identify their data loss vulnerability points – electronic and paper-based
• Develop a data security policy that both protects sensitive data, ensures its availability and restricts access
• Identify and deploy the right kind of tools to protect sensitive data, based on their type of business
• Communicate their data protection policies to customers as a strategy to strengthen the business - customer trust relationship and differentiate their company from their competitors
• Know what to do if they believe they’ve been a victim of a data compromise

In addition to providing free and easy-to-understand guidance through www.bbb.org/data-security/, the network of community-based BBBs across North America – as well as partners Visa Inc., Symantec Corporation and Kroll’s Fraud Solutions – will reach out to small businesses to encourage an increased focus on data security.

Back to top

Perimeter Ranks Malware Top of 10 Info Security Threats
Perimeter E-Security, a CUNA Strategic Service and provider of information security services, has released its Top 10 Information Security Threats for 2010.

"It is vital for companies to understand what they can do to best protect their systems and information," said Kevin Prince, Perimeter's Chief Technology Officer.

Perimeter's top 10 threats are:

1. Malware, which can be installed on systems through client-side software vulnerabilities. Browsers are a top target for vulnerabilities, Perimeter said. Malware was the second-highest ranked threat last year. For the first time, cybercrime exceeded drug trafficking, reported the FBI in 2009.
2. Malicious insiders. Many disgruntled and desperate employees have tried to exploit their employers or former employers. There is no way to completely eliminate the threat of malicious insiders, but good security policies can reduce incidents.
3. Exploited vulnerabilities, which lead to worms, viruses, malware and other attacks. Organizations need to improve their patch management, Perimeter said.
4. Careless employees. They can be categorized as careless or untrained; employees that are duped or fall prey to social engineering attacks; or malicious employees. Organizations should provide policies, procedures, training and technology to reduce threats generated by careless employees.
5. Mobile devices. Worms and other malware specifically target these devices and enlist them as botnets to steal data. Laptops are main culprits. Many are stolen every year and have sensitive data that would require public disclosure if there's a data breach.
6. Social networking. Sites such as Facebook, MySpace and Twitter can be breeding grounds for SPAM, scams, scareware and other attacks. Personal safety also can be an issue, because the information individuals post on the site can be a "stalker's dream come true," Perimeter said.
7. Social engineering attacks, such as phishing. Beginning this year, domain names will be expanded to include Japanese, Arabic, Hindi and Greek characters, which will make it more difficult for users to determine if a domain is legitimate.
8. Zero-Day exploits, which occur when an attacker can compromise a system on a known vulnerability but no patch or fix exists.
9. Cloud computing Internet-based security threats. Many applications call for forced encryption to access "in the cloud" services. As cloud computing becomes more popular, security will be an issue. "Cloud" is a metaphor for the Internet.
10. Cyberespionage. Most incidents so far have involved government bodies and agencies, and haven't been a threat to individual organizations. But because cyberespionage has large implications for government, it must be closely monitored.

Back to top