advertisement

Business owners still the front line in cybercrime war

The U. S. government took a step in the war against cybercrime recently with the Senate's approval of a law designed to detect cyber attack patterns and target hackers, as well as give the country power to go after hackers around the world.

The Cybersecurity Information Sharing Act creates a system for companies to voluntarily share security data with the Department of Homeland Security. Under the measure, the federal agency would compile and analyze the information to detect patterns and alert companies of cyberattacks. An amendment introduced by Illinois Sen. Mark Kirk also requires the State Department to press countries to extradite cyber criminals, track where hackers are hiding and what is being done to stop them.

“Last year hackers stole more than 40 million Americans' credit card numbers, but many of them continue to escape prosecution by hiding in countries that do not cooperate with U.S. authorities,” Kirk said in a statement shortly after passage of the bill. “Putting pressure on these countries to crack down on cybercrime and extradite more hackers to the U.S. will help us protect Americans from cyberattacks and bring these hackers to justice.”

‘A drop in the bucket'

But while the Senate's actions are well intentioned, many IT and security experts say this won't be the guard dog that will fend off cybercriminals.

“The Act is a drop in the bucket compared to the problem that we face,” warns Deb Reiter, chief executive officer of CMIT Solutions of The Tri-Cities in Batavia. “It's an ‘after the fact' measure. They'll look at the signature of a found virus, but that doesn't do me any good if I'm the first one to encounter it.”

Reiter and others stress the onus remains on business owners to be alert and prepared to protect themselves from potential hackers.

“People need to realize it's not a question ‘if it will happen,' it's a question of ‘when it will happen' and what can I do to reduce my exposure,” Reiter said.

Small business, big priority

While larger companies have stepped up measures to protect their data from hackers, Reiter warns many small and mid-sized business owners still don't have data security high on their priority list — mainly because they believe their company is too small for a hacker to be interested in it.

“People don't get it that (hackers) don't know who you are,” she said. “The hackers are doing a shotgun approach to see where it will stick. People don't realize they're a target just by bring on the Internet.”

Another concern is that small business owners are more concerned with protecting customer data than their own, but Reiter noted viruses and ransomware can bring a business to a halt if its own data is not protected.

Knowledge is power

So what steps can a small-business owner take? The most important and easiest measure is make sure your staff is educated on the company's polices and procedures in using company equipment, the Internet and mobile devices.

“In many ways, education is more important,” Reiter said. “We're seeing more emphasis on giving people the information to make the right choices.”

Other simple steps including making sure your software is up-to-date, including downloading the latest software patches, maintaining strong passwords and changing them frequently, having a reliable data backup system and regularly testing it, and running a business-class anti-spam filter on your email system.

Reiter also recommends having someone in your company designated as a security officer, who knows what needs to be done in case of an emergency and can act quickly if something happens.

“You have to be vigilant and you have to take the attitude that ‘it's going to happen, so how am I going to recover from it?' ” she said.

What to do if you're hacked

Even if you take precautions, there is no guarantee you will be safe from cybercrime.

So what happens if you discover you've been hacked or infected? Deb Reiter, CEO of CMIT Solutions of The Tri-Cities in Batavia, offers these four basic steps:

1. Shut down the affected computer and disconnect it from the Internet. “You don't want to infect the network,” Reiter said.

2. Report the breach to your company's compliance officer, manager or “someone who is responsible for security” in your company.

3. Get assistance from an IT specialist.

4. If the breach warrants it, contact your local law enforcement agency.

Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.