National Cybersecurity Month: Are You Protected from a Security Breach?
Cisco Systems CEO Chuck Robbins says his company blocked 7 trillion threats – or 20 billion a day – to its customers’ business networks in the last year. If those numbers aren’t frightening for businesses everywhere, they at least force the question: Is your business protected from a security breach?
Cybersecurity Ventures, a world leader in cybersecurity research, says cyberattacks are the fastest growing crime in the world and they are expected to top $6 trillion annually by 2021. That kind of growth is why the Department of Homeland Security 16 years ago designated October as National Cybersecurity Awareness Month. Its goal is to make everyone, not just business owners, aware of the increasing threat.
The threat has gotten so big the FBI now has 63 people on its Cyber’s Most Wanted list. The bad actors range from lone wolves to rogue nations with many individuals hailing from countries like Russia, Iran and North Korea. Three years ago, there were only 19 people on that list.
The technology these people and organizations are exploiting was designed to make life easier. But as it has been embraced and improved, so has the skill of people who exploit it. People, businesses, organizations and governments have become so reliant on technology, they can’t function without it.
In its “2019 Data Breach Investigations Report,” Verizon’s survey shows that 69% of security breaches were perpetrated by people outside a business or organization and 34% involved some internal assistance. Organized crime was behind 39% of the incidents and 71% were financially motivated.
While many businesses and organizations have network security programs that are ingrained in their structure and culture, statistics show that 50% of organizations haven’t updated their security strategy in more than three years.
The retail industry is targeted for a variety of reasons. Thefts include business data, customer information and credentials, and payment transaction and card data. And the avenues to reach that data are many and varied.
Some of the largest data security breaches in history involved retailers. The largest involved an estimated 3 billion Yahoo user accounts that were compromised. However, eBay (145 million, 2014), Target (70 million, 2013) and Heartland Payment Systems (more than 100 million, 2018) all involved retail sales or payment companies.
Independent business owners might want to laugh off attacks on large corporations, but Cybersecurity Ventures, which works with Cisco, says nearly half of all cyberattacks are committed against small businesses. Approximately 60% of businesses that suffer a security breach from an attack never recover and close within six months.
A study by technology research company Vanson Bourne, published in Small Business Trends, shows that security breaches cost small businesses $53,987 on average.
The point of sale, a business’s digital management platform, is the bull’s-eye that many cybercriminals target. These attacks can range from skimming information right from payment terminals to sophisticated phishing, malware and ransomware campaigns designed to steal business, customer and payment data. The Target breach was perpetrated with credentials stolen from an air conditioning subcontractor that worked on several of the retailer’s stores. That event also sped up the U.S. payment card industry’s adoption of EMV – Europay, Mastercard, Visa – chip-based payment cards.
Because of their ability to act as the hub of a business and centralize all processes – inventory management, sales transactions, customer relations, marketing and more – retail platforms can be vulnerable if not properly managed.
There are some simple steps any business owner can take to lessen the damage of a security breach.
Make backup files. If you’re not doing this now, you are years behind the curve. Industry experts suggest that companies use the 3-2-1 Rule for backing up their important files.
- Make at least 3 copies.
- In 2 different formats.
- With 1 of those stored off-site.
Retailers don’t even need to do this on their own. Many technology providers offer automated software or managed services that do the work for you. Not long ago, Deb Martin of Caledonia Village Ace Hardware learned the value of having professional network management when her computer crashed. Paladin Data Corporation, her technology provider, protects her files with software that automatically creates database backups.
“When our office computer crashed, even the Geek Squad couldn’t revive it. I was panic-stricken. Gone were all my Excel documents, created forms, accounting data, employee handbook, et cetera,” Martin explains. “I recalled that (Paladin) installed SystemWise on my desktop as a trial and crossed my fingers that the program worked as described.”
It did and Paladin was able to provide a backup database that kept Cadedonia Ace’s doors open.
Keep a sharp lookout. Retailers or their business managers should keep their eyes peeled for suspicious transactions, unusual sales activity, any inventory irregularities or vendor charges. It’s healthy to develop a certain degree of paranoia when it comes to your business transactions and finances.
Seek Professional Help
The most effective way to protect your business from security breaches is to enlist the services of a professional. There is a myriad of options to protect your retail management platform and your valuable data from cybercrime.
“The bad guys have gotten much more sophisticated in the last three to four years, so it’s critical for all businesses to up their security game,” says John Oetinger, director of ManagedNetwork™ at Paladin Data Corporation. “The best way to accomplish this is with a multi-tiered approach to security, which means using multiple technologies from multiple manufacturers to improve your security posture. Depending on antivirus software alone is like taking a knife to a gunfight. Adding the more advanced security functionality available in UTM (Unified Threat Management) firewalls, as well as Windows Security Patch Management, makes it a fair fight.”
Oetinger says Paladin’s ManagedNetwork™, which is powered by Cisco/Meraki, blocked over 1 million security threats and other bandwidth-hogging undesirable traffic, for Paladin customers, in the past year.
For retailers, having a technology provider manage their business network is like having a dedicated IT department watching their backs. Managed network services not only provide protection from security breaches, they improve system reliability and performance. Systems have several layers of protection from security breaches and failover that prevents a store’s payment terminals from going down because of lost internet connections. It can also spot internal use of bandwidth – employees streaming movies or playing online games, for example – that lowers network performance.
John Bolthouse has close to 60 computers in his three central Michigan hardware stores. He recently chose his technology provider, Paladin Data Corporation, to manage his business network.
“When your business is dependent on running on the internet for credit cards and so on, you can’t be down for a minute. You just can’t. There’s no way to run a sale if you don’t have your point of sale and you don’t have your credit card terminals. It’s vital. When customers can’t pay for merchandise, it’s impossible to operate,” John explains. “I just want these machines to run and (ManagedNetwork™) keeps them running.
“(Our) main store has two separate (internet) providers. The other stores have cell phone backups. If one of them goes down, it’s basically transparent to me because it switches so fast. I don’t even know about it until I get an email telling me about it,” he adds. “I like the reporting. I like to see what’s going on in my networks. It’s been fantastic.”
National Cybersecurity Awareness Month
Each October, the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) work together to spread the word about how important cybersecurity is to everyone. This year’s theme is “Own IT. Secure IT. Protect IT.”
The program helps individuals and business owners:
Identify the assets they need to protect
Learn how to protect them
Detect when assets have been compromised
Respond to a security breach to minimize the impact
Recover assets and repair the damage
Whether you do it yourself or hire professional help, protecting your business from a security breach is a good investment of time and capital.
The following organizations offer advice on protecting your business from cyberthreats.