Data breach at Target highlights need to focus on cyber security

12/27/2013, 6 a.m.

As big banks and credit card companies scramble to protect consumers after a massive data breach at retail giant Target, small-business owners also should be concerned about cybersecurity.

Between Nov. 27 and Dec. 15, cyber thieves made off with data from 40 million credit and debit card accounts of people who shopped at Target’s 1,800 stores in the United States and 124 in Canada.

As stolen data flood the underground black market, at least three class-action lawsuits have been filed.

The U.S. Small Business Administration says cyber threats are an issue for everyone, and small businesses are becoming more common targets for such threats and crimes because they often have fewer preventive or responsive resources.

It offers some of the essentials in “What is cybersecurity?” its latest online training course.

With the help of technology and best practices, cybersecurity is the effort to pro-tect computers, programs, networks and data from attack and damage.

Why is cybersecurity important?

Consider all the information you have that needs to be secure – personal information for employees, partner information, sensitive information for customers/clients, and sensitive business information.

It’s essential to do your part to keep these details safe and out of the hands of those who could use your data to compromise you, your employees and your small business.

CNN reports that nearly half of the data breaches that Verizon recorded in 2012 took place in companies with less than 1,000 employees. A Symantec report showed that 31 percent of all attacks in 2012 happened to businesses that had less than 250 employees, and another Symantec report showed cyber attacks were up 81 percent in 2011.

Common cyber threats and crimes

There’s a broad range of information security threats. Some of the most common include Web site tampering, data theft, denial-of-service attacks and malicious code and viruses.

Website tampering can take many forms, including defacing your site, hacking your system and compromising Web pages to allow invisible code that will try to download spyware onto your device. Data theft also can come in various forms, and the problems depend on what kind of data is stolen. Examples include theft of computer files; theft of laptops, computers and devices; interception of emails; and identity theft.

A denial-of-service attack happens on a computer or Web site and locks the computer and/or crashes the system, resulting in stopped or slowed work flow. Malicious code and viruses are sent over the Internet and aim to find and send your files, find and delete critical data, or lock your computer or system. They can hide in programs or documents and make copies of themselves – all without your knowledge.

What can I do?

The first step to protecting the information in your business is to establish comprehensive security policies – and keep them up-to-date. Make sure your employees know and adhere to your policies and best practices for Internet, email and the desktop.

Tips to keep in mind:

n Don’t respond to popup windows telling you to download drives.

n Don’t allow Web sites to install software on your device.

n Don’t reply to unsolicited emails.

n Use screen locks and shut off your computer at the end of the day.

Ensure that your computer hardware and software are updated regularly. Change passwords periodically and use firewalls to protect your systems. You also should back up your data on a regular basis so that if anything is compromised, you have a copy.

To learn more about how to help make your business more cyber secure, check out the self-paced online training course “Cybersecurity for Small Businesses” at www.sba.gov.