It’s not new news, but it is big news. Thanks to a wave of recent reporting on major cyber security breaches -- including accusations of Russian hacking and its alleged influence on the US 2016 Presidential election -- cyber vulnerability is top of mind for United States business owners and citizens.
Stories about big, corporate cyber security breaches make the news. Stories of individual identity theft, skimming and phishing scams are less likely to earn air-time, but the effects of all types of cyber hacking are devastating financially, and to those individuals affected, emotionally.
Fred Stringer, a cyber security expert with international experience building IT systems and troubleshooting security hacks, puts the issue in simple terms, “We have treaties that govern behavior in space and on the high seas; licenses that require tests and inspections to drive a car or operate a restaurant. But anyone can get on the internet with no training whatsoever, and very little knowledge of the dangers of connecting to the world wide web or how to protect themselves. Anyone can set up a server or an IP address and there’s very little regulation about what people can and cannot do.”
The fallout of this unregulated web, Stringer said, is cause for concern for anyone, but particularly small businesses.
On Jan. 19 Stringer and his colleague (and former Bell Labs employee) Larry Murphy will present a workshop at Bell Works, How to Assess Your Cyber Risk: A Crash Course For Small and Medium Sized Businesses.
A threat to more than just data
The consequences of security breaches for both businesses and individuals are serious, and can impact an entity’s financial health for years. Cyber hacking and fraud are estimated to cost the U.S. nearly $300 billion each year and nearly $500 billion worldwide. In the U.S. alone, 26 percent of entities claimed losses of $50,000 or more in 2013. Experts project that by 2018, a total of $101 billion will be spent across the world for information security measures and still, this effort will not come close to eliminating cyber threats.
Yet for businesses of every size and in every industry, the loss of dollars isn’t the biggest threat to profitability or even viability. Cybersecurity experts know that minimizing financial loss doesn’t even make the top three most important goals of IT security. The ‘priority of protection’ is actually:
In every instance when a business is targeted and a website is ‘brought down’ or customer information is stolen or confidential work product is compromised, it’s the company brand that is the most vulnerable to lasting, sometimes permanent damage. Customers who don’t trust a company’s brand don’t do business with that company...neither do potential partners.
Cloud-based threats loom for small business
For entrepreneurs, start-up and pioneer business owners, the threat of cyber attack can be doubled. Not only may such entities be targeted due to the nature and profile of their business, but these businesses also use technology much like individuals, accessing programs, creating proprietary content and sharing that content with partners and employees over the cloud through programs like Google Docs and Basecamp. Many small business owners can share stories of working from a local coffee shop -- using free wifi to download and send confidential files containing proprietary information, personnel documents and banking tasks. Stringer says ‘free’ wifi access and apps advertised to ‘improve efficiency and save money’ are examples of ‘perfect invitations’ to be hacked.
The impact of criminal hacking is so costly that an entirely new line of business has been created -- ethical hacking. Ethical hacking, as used by corporate and government entities, is a contracted service where teams of cyber experts are paid to hack into an organization’s IT infrastructure and probe for vulnerabilities. These consultants have also developed programs to test for potential vulnerability via employees. Carefully designed social engineering experiments use phishing scams to uncover individuals who are susceptible to breaking cyber security protocol. Once detected, vulnerabilities in both tech and personnel are addressed through improved technology and employee training and awareness campaigns.
That kind of large-scale hacking program may be out of reach for most small and medium-sized companies, but, Stringer says, there are ways to minimize risk and protect against the most common cyber threats (even without hiring a company of ethical hackers to take down your website).
Log in to a secure best practice
“It’s all about adopting new behavior,” Stringer said. “We look both ways before crossing the street. We wear helmets when we ride a bike and seat belts in the car.... We take practical precautions against risk all the time, yet millions of us think nothing of jumping on a free wifi hotspot when we’re in a coffee shop or the mall. And right there is one of the greatest risks for identity theft or hackers downloading banking and other protected site passwords and login information. In less than a minute, someone can lose money and reputation just because they didn’t take the extra few seconds to log on using a VPN (virtual private network).”
Stringer and Murphy, also an expert in cyber infrastructure, say they are both increasingly alarmed by the growing vulnerability of individuals and businesses coupled with a seemingly decreased vigilance among internet users and/or willingness to take ordinary precautions against victimization.
“Most people don’t think they’re ‘big’ enough to be a target, but today, all hackers have to do is cast their nets wide enough and they’ll pull in anyone who’s made themselves vulnerable at that moment,” says Murphy. “Whenever you buy and install a device that connects to the internet -- if you’re not taking steps to protect the security of your information -- you are an instant gateway to hackers. You’re a target and eventually, you will be a victim.”
According to Stringer and Murphy, the time between turning on a new device and the first attempt to probe the new device or connection for vulnerability to hacking is twelve seconds.
And for those of us whose business depends on employing social media -- and everyone else in the world who has a smartphone or a computer -- social media is perhaps the fastest growing arena for hacking attacks that hijack personal identity and private information. Facebook stopped reporting statistics for cyber-attacks in 2011 -- after revealing that the social media giant was the target of more than 600,000 attacks every day.
“The time and energy it takes to protect yourself is minimal, compared to the risk and impact of being the victim of a hacker,” Stringer said. “So many simple things like changing a factory set password, using a VPN (virtual private network) connection when you’re away from your home or business, taking the time to use two-step authentication -- these are things that anyone can do to protect themselves or their business that most people don’t do or don’t know they should be doing.”
You can learn more about how to protect yourself, your family and your business at this free meet up at Bell Works on Thurs., Jan. 19 from 8-10 a.m. The workshop includes a continental breakfast.
Come with your own questions. Attendees will have an opportunity to engage in conversation with international cyber security experts about the current risk environment businesses face and what’s to come, and will receive:
- A checklist to help you assess your digital security risk
- A step-by-step guide to help you take immediate action to address risks
- Insights to plan for successful growth and asset investment.