Cyber Criminals Shut Down an SMB in One Hour

By | May 11th, 2015|Uncategorized|

JomocoThere’s a huge misconception among small businesses that cyber criminals are only interested in stealing data from big names like Target, Home Depot and Neiman Marcus. This misleading mindset may cause a small business (SMB) to inadequately invest in security measures and improperly enforce security policies at work. In fact, only 2 in 5 SMBs have a social media policy in place and only 2 in 10 SMBs plan to increase security spending this year. The truth of the matter is that cyber criminals are looking for the path of least resistance that will get them the most information as fast as possible.

With the growth of startup culture across the nation, we decided to test just how easy it is for cyber criminals to infiltrate a budding business. Thanks to the ingenuity of the sales and marketing team and some dark web help from our cyber team, Jomoco was brought to life. Jomoco is a fictitious coconut water company with a groovy coconut mascot and two fabricated employee personas. We set up Jomoco like any other startup would – with a company website, server, employee personal and work email addresses, a credit card and some employee social media accounts. CSID also ensured that Jomoco’s fictional employees made common mistakes when protecting their professional and personal data online, including sharing sensitive information via email and reusing passwords across multiple sites. The real cyber criminals took it from there.

Within one hour, Jomoco was taken over by cyber criminals. The website was defaced, the credit card had been used and employees were locked out of work emails and social media sites.

Interested in finding out how cyber criminals took down this business so fast? Download our case study to get the complete story, including pictures of the defaced website and the dark web forums where Jomoco’s credit card information was shared. If you’re an SMB looking to better protect your data, here are tips from the National Cyber Security Alliance on how to make your business more secure.

How can SMBs better protect their assets? What are some ways employees can protect business data? Please share your thoughts with us on Facebook, Twitter and LinkedIn! We’d love to hear what you have to say.

Cyber Protection Tips for Small Businesses

By | August 14th, 2014|Uncategorized|

Guest Post_081114This post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by taking a look at our SMB Security For Every Phase of Growth webinar.

This cyberSAFE guest blog post comes to you from Sandra Mills, a freelance tech, online safety and security writer.

Cyber protection is something that should be top of mind for every small business. Since small businesses likely don’t have the staff or the capital that larger businesses have, it is crucial for small businesses to ensure that their business does not fall victim to cyber criminals.

Here’s a look at cyber protection tips every small business should employ:

Strong Passwords
The first thing every small business should do is confirm that employees are using best password practices. Passwords are first level security, so creating them to be strong is of vital importance. It should go without saying that employees should never use numbers or words that can be easily guessed, like names, birthdates, etc. For even more peace of mind, utilize two-factor authentication – which often involves having a text message sent to your cell phone with a unique code each time you log on – whenever possible.

Preventing Computer Viruses
Viruses can inadvertently be downloaded from the Internet or included in email links and attachments. This is why an anti-virus program should always be used to scan emails and downloads before an employee opens them on a company computer. Anti-virus software must be updated on a regular basis since failure to update can make a business vulnerable to new Internet viruses, which are always being created.

Making sure you use a firewall on business computers is also a crucial part of your cyber protection plan. You may think of firewalls as an annoying blockade between you and your favorite social networking site, but they serve a very important purpose of filtering out what you don’t want on your server. Firewalls can be useful both at home and at the office. You can never be too careful when it comes to keeping a business’ network safe.

Data Backup
If you lose important information off of your business computer, you may find that you quickly lose business from inconvenienced clients. For this reason, it is crucial that you back up all your important files in the event that a virus does make it into your computer system, and causes damage to your computer’s hard drive.

The tighter a ship you run when it comes to your cyber protection, the better.

News Recap: FCC Wants Communication Companies to Take Security More Seriously

By | June 13th, 2014|Uncategorized|

FCC postFCC Chairman Tom Wheeler recently addressed the agency’s cyber security plans. IDG News’ Grant Gross reports that Wheeler stated the “FCC will take steps to encourage cyber security in the coming months, acting first as a promoter of company-led initiatives instead of a regulator… But if that doesn’t lead to improvements, the agency is prepared to act.”

TechCrunch’s Alex Wilhelm reports that the purpose of this new effort is to “identify what constitutes risk, create tooling to combat the highlighted risk, deploy the tools, and then keep an eye on their performance.” The cyber security efforts will begin in the coming weeks, when the agency will audit network operators to see whether they have implemented 2011 cyber security recommendations, Gross reports.

“We cannot continue on a path that lets individual networks put other networks, American businesses and consumers at risk. We need to develop market accountability that doesn’t currently exist,” Wheeler said. “Cisco forecasts that by 2020, over 50 billion inanimate devices will be interconnected. Expressed another way, that’s 50 billion new attack vectors.”

Do you think the FCC will have to step in with more regulations to better control cyber security efforts? How will communication companies respond to the FCC’s new cyber security plan? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

cyberSAFE Webinar Series Recap: SMB Security for Every Phase of Growth

By | June 10th, 2014|Uncategorized|

CS_Infographic_SMB2014_FINALweb3Small businesses are in a tough position when it comes to cyber security. They face a growing number of threats and attention by cyber criminals and don’t have the time or resources that larger enterprises have to devote to cyber security. As instances of data theft, malware and other risks grow, it is going to become increasingly important for small businesses to be aware of the threats they face and learn how to address them effectively and with limited resources.

This is the topic that Byron Acohido, The Last Watchdog and The Securitist, Aaron Hanson, Symantec and CSID’s own Bryan Hjelm tackled in our most recent installment of our cybeSAFE webinar series.

Panelists took an in-depth look at the different threats SMBs face in different phases of growth and provided solutions for how best to tackle them. You can watch a recording of the webinar when available below. The group also summarized findings from CSID’s most recent SMB survey.

This year’s SMB survey found that there is a disconnect between awareness and action when it comes to SMB security. In the survey 63 percent of small businesses reported that they are worried about undetected malware, 38 percent are worried about phishing attacks and 41 percent are concerned about breaches causes by human error. Despite these worries, 31 percent of responding businesses are still not doing anything to protect against these threats.

To bridge this gap, SMBs need to focus on the security basics:

  • Awareness – Know and understand the threats that can impact your business.
  • Education – Educate employees on the importance of workplace security and choose vendors with superior security reputations. The more well-educated your workforce is on the importance of security, the more likely they will be to employ better online habits at work and in their personal lives.
  • Monitoring – Take advantage of software solutions that can help monitor the security of your business. Anti-virus solutions can help protect against malicious malware and VPNs can help secure business data when conducting business outside of the company network.
  • Damage Control – Have a breach preparedness plan. While a plan may not reduce the cost of repairing a data breach, it certainly helps keep your customer relationships intact and reduces business reputation damage.

If you have any questions about SMB security, we encourage you to check out the resources linked to on this page and our corresponding infographic. You can also reach out to us via Twitter and Facebook. Find out more about CSID’s cyberSAFE webinar series and watch previous recordings.


News Recap: Online Activity Declines Following Data Breaches

By | June 9th, 2014|Uncategorized|

blog_060514It’s no surprise that small businesses would be impacted by recent retailer data breaches, including Target and eBay. A recent USA Today survey shows just how these breaches have affected online spending and account monitoring of individuals.

Elizabeth Weise and Jessica Guynn of USA Today, shared the results of the USA Today survey that found nearly a quarter of Americans have altered their online purchasing habits due to security concerns brought on by recent data breaches in major retailers.

“A full 24% of those surveyed said they had stopped buying anything online in recent weeks because they were concerned about the safety of information they might put online,” Weise and Guynn state, “Most surprisingly, 56% said they had cut back on the number of Internet sites they used and were only going to large, well-known companies they were confident were safe.”

Helen Leggatt of BizReport also shared findings from the USA Today survey that examines how individuals’ online behavior has changed to protect information that is already online. Leggatt writes, “The survey found that those with lower education and incomes were among those most likely to cease making online purchases while those with higher levels of education and income were more likely to continue shopping but take more precautions.” Leggatt points out that the USA Today’s survey results are similar to those of a Harris Interactive survey conducted earlier this year,” that prove consumers are more cautious when shopping online.

How do data breaches – even breaches that are not directly connected to your business – impact your business’ reputation and security? What measures are you taking to ensure you don’t encounter a breach of your own? How can your company reassure consumers that might be concerned about their online security? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Be Your Own Hero Against Cyber Criminals

By | June 6th, 2014|Uncategorized|

Guest Post 5This post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Ginger Hill, Associate Content Editor at Security Today Magazine.

Small and medium-size businesses (SMBs) are extremely valuable as they play a vital role in creating new jobs and making sales to help stabilize the economy. As such, cyber criminals find small businesses very intriguing. Here are a few reasons why cybercriminals target SMBs:

SMBs data is more valuable than they think. Most SMBs think that because they are a small business, cyber criminals won’t be interested in their data. Wrong! Even if you have only 5 employees, you have stored their personal data somewhere. Cyber criminals would love to get their hands on that information, along with the business’ bank account information and other data deemed valuable.

Attacking a SMB is very low risk. Cybercriminals attack SMBs because they typically represent the path of least resistance. Companies with poor defenses, lack of security skills and vulnerable end-users have the perfect formula for a cyber-attack. Plus, the risk is low and the payout is high as SMBs have valuable data.

SMBs are an easy target. Enterprises have the means to provide layers upon layers of security, making them harder for cybercriminals to penetrate. SMBs, however, may not have the capital to invest in highly sophisticated security measures. Plus, the majority of SMBs do not have any data security policies. Remember, cybercriminals always take the easy path.

SMBs aren’t in the know. SMBs take a huge amount of time investment to make them successful. Therefore, owners are limited in the amount of time they have to dedicate to protecting their data. With this time constraint also comes the lack of time to learn about and keep up with all the cyber threats lurking around the corner. Cybercriminals realize this, choosing to prey on the weak.

Feel helpless against cybercriminals? Don’t! Here are a few ways cost-effective ways SMBs can become a hard-to-target entity:

Go beyond antivirus protection to develop layers of protection. Protect data with unique passwords, PINs, biometrics, etc. Consult with an ethical security integrator for suggestions.

Encrypt your data. This will make it very difficult for hackers to read your data, taking the ease out of gaining access to your valuable information.

Dedicate time to education. Set aside weekly time to learn about the cyberattacks that are taking place in this day and age. The more you know, the more effectively your can fight against these attacks to further protect your data.

6 Tips To Make Your SMB More Secure

By | June 5th, 2014|Uncategorized|

guest blog 4This post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Emily, the Director of Digital Strategy and Awareness Campaigns at the National Cyber Security Alliance, an awareness group that educates and empowers our digital society to use the Internet safely and securely at home, work and school, protecting the technology individuals use, the networks they connect to and our shared digital assets.

Small and medium-sized businesses have become bigger targets for cybercriminals. Why? Because the bad guys know small businesses (SMBs) have fewer defense resources than large enterprises and hold just as much personal and financial information.

Even if your company doesn’t have the financial capacity or bandwidth of a large corporation, you can still protect your business, employees and customers from threats.

Here are 6 ways to make your small-to-medium-sized business safer and more secure:

  • Assess your risks. Take an inventory of your current business practices: What steps are you taking to secure your devices, networks, email, Wi-Fi, etc.? How do you protect the data you collect?
  • Monitor threats. You don’t need to be a cyber security expert to ensure that your business is protected, but it’s critical that you understand the online threats to your company’s network. Awareness of key threats—like spam and phishing—will help you employ practices and behaviors that limit your company’s risk.
  • Implement a cyber security plan. The Federal Communications Commission created the Small Biz Cyber Planner to help businesses evaluate their current cyber security state and create a plan.
  • Train your employees. It’s important for employees to understand basic cyber security hygiene, including keeping a clean machine, following good password practices, backing up their work, not clicking on suspicious links and speaking up if they notice strange activity on company computers. A good way to start the conversation is with STOP. THINK. CONNECT., the national cyber security education and awareness campaign, where you can download free tip sheets, posters and other resources.
  • Protect your customers. Following a few simple practices can help protect your business from incurring expensive and dangerous data breaches, and give your customers piece of mind.
    • Have (and follow) a privacy policy – your website should have a privacy policy that explains what customer information you collect, and how you store and use it.
    • Know what you have – you should be aware of all the personal information you have about customers, where you store it, who has access to it and how to protect it.
    • Keep the customer data you need and delete what you don’t.
  • Report cyber attacks. If your business has been victimized, you should notify the appropriate authorities. Learn what organizations you should contact on

For more information about making your small biz cyber-secure, check out the National Cyber Security Alliance’s Business Safe Online section.

Small Restaurant Owners Should be Concerned About Breaches

By | June 4th, 2014|Uncategorized|

This post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

guest blog 3This cyberSAFE guest blog post comes to you from Eva Velasquez, the President/CEO at the Identity Theft Resource Center, a non-profit organization which serves victims of identity theft. Ms. Velasquez previously served as the Vice President of Operations for the San Diego Better Business Bureau and spent 21 years at the San Diego District Attorney’s Office.

The number of data breach incidents occurring in the U.S. is continuing to rise. In 2013, the Identity Theft Resource Center (ITRC) recorded 30% more breaches than the number tracked in 2012. Data breaches can affect any entity or business in any industry sector – including restaurants. In fact, according to Visa, from 2009 to 2011 there was a large increase in the percentage of breaches in the restaurant industry, from a reported 29% in 2009 to 73% in 2011. Additionally, the 2013 Verizon Data Breach Incident Report indicated that retail environments and restaurants represented 24% of the 621 breaches included in that report. Restaurants are vulnerable for multiple reasons: employees have the ability to use skimmers to collect the personal information of customers; a high level of risk for POS intrusions (Point of Sale), which makes them a target for cyber criminals; and, large volumes of transaction records, which cyber criminals view as valuable. The fallout from a breach at your small business can be widespread and devastating. The trust factor of restaurant patrons can be negatively impacted when a restaurant is breached. In late 2013, when a large restaurant chain was breached in Boston, local restaurant goers spoke with news stations stating they would be switching to cash in order to protect themselves. However, this is not as convenient as being able to use credit cards and patrons may choose to go to a different restaurant if your business has had a reported breach.

The cost factor involved in a data breach incident can also prove to be very expensive. Associated expenses can include the cost of notifying individuals who have had their information breached or potentially compromised, credit monitoring for those affected, investigation efforts to determine the cause, and implementation of information security measures to minimize future risk. In addition, restaurants may have to engage in public relations to mitigate the backlash from a breach. Finally, there may be fines or civil actions for lack of safeguards, which could have prevented the breach.

However, the picture is not completely bleak for restaurant owners. There are a few ways these small businesses can be proactive against a breach. First, they can begin accepting ‘Chip and Pin’ cards. Chip and Pin cards have proven to be much more fraud resistant than either chip and signature cards, or those which hold the user’s information on the magnetic strip. While this technology is widely used in Europe, it has not become commonplace in the U.S. Restaurants should also make sure they are PCI-DSS compliant. Vendors can receive help from the PCI Security Standards Council to ensure they are compliant.

Second, restaurant owners should work with their payment system provider to make sure they are following best practices for security, and that any third-party service provider has sufficient data security protocols and security measurements in place. Small actions such as changing default credentials on payment system software or stronger password management can have a big effect on minimizing an organization’s risk of being breached.

And lastly, restaurant owners should train all employees on how to protect customers’ data and inform them as to why this is important. If a restaurant values its customers, it should also value their personal information and keep it safe. So, if there is a breach, how should a small business react to protect its customers and itself? All restaurants should have a written data breach incident response plan. This plan, with established protocols, will help establishments be prepared to effectively address the situation whenever it occurs. A breached restaurant should be honest with the public and communicate quickly and truthfully with those who may have been affected. They should also work actively with law enforcement to investigate the incident and obtain as much information about the breach as possible. This way, small restaurant owners can inform their customers and know how to stay protected in the future. They should also provide credit monitoring to their affected patrons and work with the ITRC to assist their customers who may need help or have questions.

Your Small Business is Big Business for Cybercriminals

By | June 3rd, 2014|Uncategorized|

public wifiThis post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Kent Lawson, founder and CEO of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. In 2010, after 12 years of retirement, Kent became interested in Internet privacy and security issues and the vulnerability of wireless communications in WiFi hotspots. He created Private Communications Corporation to protect consumers and corporations from privacy and security breaches on the Internet. PRIVATE WiFi, the company’s first product, protects individuals and business people while using laptops and other mobile devices at public WiFi hotspots.

Do you think your business is too small to have data that’s valuable to hackers? If that’s the case, you may be unknowingly exposing it to cyber threats that could spell disaster for your business. A whopping 42 percent of SMBs said they experienced a cyber attack within the past year, according to the 2013 Risk of an Uncertain Security Strategy study by the Ponemon Institute. Yet, despite that hair-raising statistic, 58 percent of the SMBs surveyed said senior management doesn’t consider cyber attacks a significant risk to their organizations. How’s that for denial?

It’s not surprising that cyber security complacency continues to make SMBs prime targets for cybercrime. Small and midsize businesses are lagging behind in their cyber security efforts, according to Symantec’s Internet Security Threat Report 2014. As a result, SMBs experienced the highest number of targeted attacks overall last year, nearly double the number from 2012. Even worse, those attacks lasted longer than ever.

Granted, it’s hardly a level playing field when it comes to SMBs and cyber security. Smaller businesses may not have a full-time IT staff like larger companies. They might not have a company network or maintain a corporate VPN. To control costs and improve productivity, SMBs may allow employees to use their personal mobile devices for work. But without a strong BYOD policy, the blurred line between personal and professional time opens the door to compromising company data.

SMBs and Mobile Devices: Who’s Minding the Store at WiFi Hotspots?

Nowhere is that security vulnerability more obvious than when employees connect to public WiFi hotspots. Since most WiFi hotspots aren’t encrypted, the data traveling them can literally be grabbed out of thin air. As a result, data theft is rampant. But that threat hasn’t stopped workers from routinely logging into hotspots. A 2013 survey by GFI Software revealed that over 95% of workers admitted using public WiFi connections at least once a week during their commutes to carry out work-related tasks, such as sending and receiving email, reviewing and editing documents and accessing company servers. More than one-third (34.2 percent) reported that they accessed public WiFi at least 20 times per week.

Think of it this way: Every time an employee accesses company information on a WiFi hotspot, the likelihood that your business will be the victim of a cyber attack goes up. For many SMBs, that risk isn’t hypothetical. More than 40 percent of small businesses report that they have been victims of a cyber attack that cost them thousands of dollars, according to a 2013 survey conducted by the National Small Business Association. Have you considered how much a cyber attack could cost your business? For many, the cost was too high: 72 percent of small businesses that suffered a major data loss shut down within 24 months. Make sure it doesn’t happen to you.

These are the simple steps you can take to protect every mobile device that touches your business.

How SMBs Can Secure the Mobile Workplace

  • Make sure to install firewall and anti-malware apps on all mobile devices used for your business, and promptly install app and OS updates.
  • Use strong passwords of upper and lower case letters, numbers and symbols and different passwords for each site. And uncheck the box that automatically saves them.
  • Check before connecting to hotspots with strange names. Watch out for unusual variations in the logo or name of the establishment that appears on the login-page. That could mean it’s a fake hotspot designed to steal your data.
  • Disable features that automatically connect your device to any available network. This will prevent you and your employees from accidentally connecting to a fake WiFi hotspot or a stranger’s computer.
  • Disable printer and file sharing options before connecting to a hotspot.
  • Limit your employees’ access to company data to include only what they must have to do their jobs. Also, make sure all the mobile devices used to conduct business – laptops, smartphones, and tablets – are protected by a VPN. VPNs like PRIVATE WiFi encrypt the data traveling to and from your mobile devices, which makes it invisible to hackers.

Employee Social Media Use Can Affect Small Business Reputation

By | June 2nd, 2014|Uncategorized|

Social guest postThis post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Jasmine McNealy, Assistant Professor at the University of Kentucky and privacy and law blogger at Unmasking Doe.

Social media has proven an indispensable tool for businesses of all sizes. It’s used by organizations to manage customers, respond to complaints, and to build social capital. And social media can certainly can build or ruin a reputation. This is, no doubt, one of the reasons that over 15 million businesses, companies and organizations have pages on Facebook.

But it is not solely corporate use of social media tools and sites that should be of concern when building a business reputation. Employee social media habits – including inappropriate posts and insecure password practices – can affect an organization both positively or negatively. Many social media users display affiliation information in their online bios, and tools like LinkedIn make it easy for anyone to find out the name of a user’s workplace. Usually, this affiliation information or the ability to find an individual’s employer is benign, and the employee’s use of social media has no effect on company reputation. Yet, when that employee is involved in or says something untoward on social media, or a hacker gets hold of an employee’s credentials, there can be consequences for their employer as well.

One need only consider the recent Justine Sacco tweet scandal for an illustration of this. In December 2013, Sacco, then a corporate communications professional at leading Internet company IAC, tweeted, “Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white!” before embarking on a many hours long plane trip to South Africa. Twitter reaction was swift and brutal, with the hashtags #JustineSacco and #HasJustineLandedYet trending for hours while watchers waited for her plane to land. Although Twitter’s reaction to her, individually, was considerable, the response of her employer was also significant. The company fired Sacco, but not before being contacted via Twitter, phone, email and other social media inquiring about its reaction to its employee making such statements.

It would be nice to say that incidents like that of Sacco are few and far between. Yet the continuing growth in social media outlets and use make all organizations vulnerable to having to go into crisis communication mode as a result of an employee’s comments. Here are a few tips that may help to mitigate this concern:

  • If you encourage employee social media use, consider requiring that employees make separate personal and professional accounts.
  • Require that social media passwords must be different from work logins. Employees should not reuse their work emails and passwords for personal sites. This serves as a barrier of protection for work accounts, in case an employee’s social media account is hacked into.
  • Make sure that the corporate social media accounts are the most popular. In this way customers and other consumers may recognize the organization’s statements as reflective of corporate conscious.
  • Never attempt to censor employees. Instead, offer social media training that increases their information literacy, and allows them to understand that actions (or speech) have consequences. Let them know what is appropriate to post on social media and what is sensitive company information.
Load More Posts