Increase in Off Site Workers Intensifies Small Business Data Risks

Small businesses have become more aware over the years of the importance of data protection and backup. It’s a rare company that doesn’t have backup procedures in place, but it’s always a good idea to make sure those policies and procedures are up to date. Since surveys show that the average data breach costs a company $7.2 million, or $214 per breached record, properly protecting your company’s data should always be one of the top items on your priority list. Plus, many states are enacting laws about customer data privacy and security, and at this writing, 46 states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
Experts recommend that you routinely back up your data, develop data and disaster recovery plans and educate your employees about the importance of customer data security.
The last is crucial in today’s increasingly mobile society. A recent survey has found that up to 80% of workers in small to midsize businesses routinely use their own portable devices such as laptops, iPhones and iPads to work from home or on the road. Although most companies have formal policies in place to protect their vital data in the office, a surprising data protection gap has emerged with the growth of off-site workers. Fully one third of companies let employees make their own decisions about how, or whether, to back up company and client data on their own devices, and as a result, valuable data could easily be lost or compromised. Instead of these informal arrangements, it’s a good idea to implement a formal Acceptable Use Policy that may include installing security software on the employee’s device.
If your business entails storing personal customer data electronically, you should talk with your independent insurance agent about exactly what your business liability insurance covers and discuss whether you need a specialized product covering data loss and electronic data liability to deal with the aftermath of a data breach. And while you’re having that discussion, you might also inquire about cyber liability coverage for protection against various legal liabilities related to disseminating information via the Internet.

FBI fraud alert: warnings about new scams via phones and social networks

Whether it’s via new media like social networks or “old school” technology like your home phone, don’t let your guard down. The FBI recently issued warnings about two scams that are surfacing.
Denial of service phone attacks
The FBI has issued a warning about a new phone scam which uses telephone denial-of-service (TDoS) attacks to overwhelm victims’ cell phones and land lines with thousands of calls. This diversionary tactic ties up service to give criminals time to empty out the victim’s bank or brokerage accounts. Prior to the phone attack, the criminal would have obtained the victim’s bank account numbers and password, either via malware that the victim has inadvertently downloaded or via information the victim gave out on the phone or in response to e-mail phishing. The subsequent TDoS attack serves as a distraction and also prevents the victim from calling to make account changes to protect their accounts.
Social networking scam: your friend is stranded
Scammers send notices to your Facebook or Twitter contact list posing as you and telling your contacts that you are stranded after a robbery (or some similar calamity) and that you need help quickly. Of course, the requested help is urgent and would be in the form of cash. To avoid being taken in by such a scam, be alert and aware and simply verify any pleas for help before acting on them. And if you think your account has been hacked and that false messages are being sent to your contacts, post a note on your page alerting your friends and family that your account may be compromised and asking them to ignore any such messages.
To protect yourself from these and other scams, the FBI suggests:

  • Implement security measures for all financial accounts by placing fraud alerts with the major credit bureaus if you believe they were targeted by a TDoS attack or other forms of fraud
  • Use strong passwords for all financial accounts and change them regularly
  • Obtain and review your annual credit report for fraudulent activity
  • If you are a target of a TDoS attack, immediately contact your financial institutions, notify your telephone provider, and promptly report it to the IC3 website at:
