CYBER SECURITY MEASURES

Cyberattacks are on the rise and hackers are targeting more than just
big business.
Small businesses are at risk, too, and companies of all sizes are
woefully ill-prepared to fight off online threats.
Before brushing off the need for cybersecurity, consider this: 97
percent of data breaches last year were avoidable without the need to
employ expensive countermeasures to combat them.
In its 2012 Data Breach Investigations Report, Verizon
Communications examined 855 data breaches in 2011 at businesses
in the United States, Ireland, the Netherlands, Australia and England.
Verizon has compiled the annual report since 2004.
Hacking and the use of malware were the preferred methods to get at
businesses' information, with both methods being used in breaches,
the report states. Hacking was used in 81 percent of the breaches
and malware in 69 percent of the incidents.
By far, the most sought-after target of these breaches was
"personally identifiable information," which can include a person's
name, contact information and Social Security Number. Personal
information accounted for 95 percent of all of the data records stolen
during the breaches in 2011.
The report demonstrates that unfortunately, many organizations are
still not getting the message about the steps they can take to prevent
data breaches, Wade Baker, Verizons director of risk intelligence,
said in the report.

Businesses of all sizes can take measures to safeguard their

information from prying eyes. Here are 10 cost-effective ways to
protect your small business from cyber attacks.
1. Install a firewall. Just as a real firewall keeps an inferno in one
room from spreading to the rest of the building, a computer firewall
blocks unwanted information and people from entering a business'
computer system from the Internet. Once the firewall is in place and
working, never turn it off of any computer in the business.
2. Set up an Access Control List. This will allow your business'
system administrator to control which employee have access to the
computer system or certain parts of the computer system and
whether they can log in remotely or only from the office.
3. Change the default passwords for the company's point of sale
system. A vulnerability the Verizon report mentions specifically is
businesses failing to change the POS password credentials from the
manufacturer's default setting to a custom password for the company.
The report also recommends making sure that all third-party vendors
change passwords as well.
4. Establish security roles and responsibilities. Identify which
employees need to have access to the business information and set
up responsibilities for those employees. The Federal
Communications Commission recommends setting a period of time
an employee must be in the role before access rights are granted.
5. Establish policies for Internet and social media usage. If your
business wants to limit the use of the Internet and social media to
break time, make sure the employees know the policy.

6. Use a Web-filtering system. These programs can block harmful

sites as well as sites that may be inappropriate for viewing during
company time.
7. Use Internet security programs on each computer. The
programs work in addition to the firewall to help block malicious
software from attacking the computer and compromising data.
8. Be wary of peer-to-peer sites. If your company uses peer-to-peer
sharing, be cautious of the security of such connections and learn
what the peer site's safeguards are.
9. Keep the most critical data offline. Organize your business' data
and keep the most critical informationsuch as customers' personal
informationoffline.
10. Get cybercrime insurance. This kind of policy covers the liability
of the company in the case of a cyberattack or a data breach. Some
policies cover direct loss, legal liability and consequential loss from
security breaches. Some insurance carriers also offer network
security risk assessments to determine your company's exposure risk
to attack.