As a reader of our blog, you know that XSolutions emphasizes cyber-security in many of our posts. Some readers may think that our “rants” don’t involve them because they are not company owners or executives. IT security is EVERYONE’s business and concerns EVERY employee regardless of title.
A recent article on CIO.com called “What Data Breaches Teach Us About the Future of Malware: Your Own Data Could Dupe You” brings home the point very well. People are the weakest link in security. The article uses the recent eBay data breach as an example and goes on to say that as many as 100 eBay employees may have been victims in a rather unsophisticated social engineering attack where user names, email addresses, dates of birth, locations, and phone numbers were stolen.
In our last two posts, we spoke about HIPAA and PCI compliance. While PCI compliance is not federal law, it has teeth that can take a big bite out of non-compliant businesses. On the other hand, HIPAA is federal law and Covered Entities and Business Associates are subject to its regulations.
Many small businesses think that cyber-criminals are only interested in the big boys like Target, eBay, etc. This is not true. Criminals know that Small-to-Medium-Sized Businesses (SMBs) are likely to be lax on security and make easier targets. Inc. Magazine reported that a study by Symantec found that cyber-attacks on SMBs rose 300%.
Remember one thing: the attacks you hear about in the news like Target and eBay are those that are considered “newsworthy” by the big networks. Data breaches are happening daily — you just don’t hear of them. In some cases, the company doesn’t even know they’ve been hacked!
Now, let’s come full circle. What are cyber-criminals after? How about:
- Names, addresses, and emails
- Current whereabouts (such as vacations and business travel plans) posted on social media
- Logins and passwords
- Social security numbers
- Credit card numbers
- Bank and financial information (for the company as well as for your clients)
- Healthcare records with Personally Identifiable Information (PII)
- Company secrets that can be sold. Remember the recent article on China’s hacking activities?
Do you think your company has any of this type of information in its systems? Most companies hold at least a few of these items, which is drawing cyber-criminals to SMBs in record numbers!
Here’s an interesting tidbit: If you’re still using Windows XP in your business, you are non-compliant for PCI and HIPAA purposes. Windows XP is insecure, and hackers have increased their attention toward businesses that haven’t yet upgraded their systems.
Don’t be fooled into thinking that your business is too small to be noticed. Beef up your cyber-defenses and increase employee education. Your company’s survival is at risk.
If you would like to discuss the IT security of your business, call XSolutions at 845-362-9675.