Looking for a way to protect your business against cyber crime? Ron Teixeira, Executive Director for the National Cyber Security Alliance shares insight with small business owners about staying safe from computer crime.
What are the biggest areas of vulnerability for cyber crime?

The two biggest areas of vulnerability for small businesses are …
1) Not properly securing their wired or wireless networks. Small businesses, like consumers, need to ensure that all computers connected to the Internet are secured with the proper security technology – regularly updated anti-virus, anti-spyware and firewall software installed – and make sure their operating systems and web browsers are regularly updated.

2) Lack of employee education and awareness or not creating a “culture of security” within a business. IT infrastructure and cyber security technology alone are not effective in combating cyber crime. And while employees play a role in fostering and maintaining a secure environment, it is up to the business owner to create a culture of security amongst employees.

Many business owners simply look to technology as the way to secure their cyber security vulnerabilities and protect their systems. However, employees with access to the Internet play a large role in a business’s overall cyber security.

According to a 2007 Computer Security Institute study, insider abuse of a business’s network or email edged out virus incidents as the most prevalent cyber security problem for businesses (59 percent vs. 52 percent reporting respectively). A study analyzing Department of Justice Prosecutions of Network Attacks that occurred during the years 1999 to 2006, conducted by Trusted Strategies, shows that 88% of cyber crimes against corporate networks were caused by the hacker or criminal obtaining an employee’s ID and login information through unsophisticated methods like phishing emails or password cracking programs.

At the same time, a National Cyber Security Alliance/Cisco Small Business Survey found that only 59% of employees surveyed were required to sign a security agreement. This is a basic step needed to clearly outline an employee’s role and expectations in protecting consumers’ data and the company’s network and computers and sets the tone for a “culture of security.”

What are the most important steps small business owners need to take to protect themselves, their employees, and their customers from cyber crime?

The National Cyber Security Alliance  and Capital One are working together to help educate small business owners about the importance of online fraud prevention as well as providing best practices to help mitigate costly and potentially dangerous cyber attacks. Together, the NCSA and Capital One suggest business owners take the following steps as a way to start protecting their businesses from cyber crime right away.

Conducting a risk assessment – In order to protect customer information, small business owners need to conduct an initial risk assessment of their online and operating systems.

Educating employees – It is essential that managers and employees have a basic understanding of cyber security, including company-specific procedures and overall best practices.

Backing-up critical information – Make regular (weekly) back-up copies of all important data and information.

Creating a contingency plan – Small business owners should have a contingency plan in place in case the business suffers a cyber security attack.
Signing a security agreement – Have all employees sign a security agreement in order to demonstrate that they are taking cyber security seriously and are active participants in helping to maintain a secure online environment.

To find more information on these tips and the steps small businesses can take to protect their customers, their business and our country, go to StaySafeOnline.org or The Capital One Small Business Resource Center web site.

What should a small business owner do if he or she realizes a cyber crime has taken place?
Small business owners should report any suspicious online activity or known Internet crime to the proper authorities. If fraud or criminal intent is suspected, it should be reported to local law enforcement agencies, the local Federal Bureau of Investigation, Secret Service, or State Attorney General’s office. Moreover, some states require business owners to notify their customers if hackers or thieves could have had access to customers’ unencrypted personal information.