Failing to make cyber security a priority is costly for small businesses and customers.

According to a recent survey, only 20 percent of consumers said they would continue shopping at a store that had a data breach, whereas 85 percent surveyed said they would increase their shopping at a store known for its good cyber security practices.

the National Cyber Security Alliance (NCSA) challenges small businesses to make cyber security a top priority. While the public is fixated on high-profile corporate and government database breaches, hackers and identity thieves are increasingly targeting millions of small businesses. According to a FBI Cyber Crime Study, 90 percent of small businesses had at least one cyber security incident within the past year. Not taking the correct cyber security precautions and approach makes small businesses’ computer networks easy targets. Hackers can easily steal from and use these networks as launching pads to attack others, send phishing emails, and even steal from home users.

“Consumers are starting to hold businesses accountable for how they protect sensitive information and will punish or reward a company based on how it approaches cyber security,” said Ron Teixeira, executive director of the NCSA.

In fact, according to a 2006 AT&T report, only 28 percent of businesses surveyed considered cyber security a top priority. “Cyber security apathy” continues to put small businesses’ customers’ financial information at risk and also provide hackers with a means to attack others on the Internet. Unfortunately, “cyber security apathy” is a reason why many small businesses and their customers become cyber crime victims. According to Symantec’s recent Internet Threat Report, 82 percent of data breaches, data theft and data loss could have been avoided if only the businesses had a cyber security plan in place.

Implementing a security plan not only makes good business sense but is necessary for maintaining a loyal customer base. This is why the NCSA is working to insure small businesses have access to information on security practices that will help protect them from cyber threats in a cost effective manner. Small business can begin to develop a cyber security plan by using the NCSA’s tips. These steps include:

• Ensure that all employees use effective passwords, and when possible, stronger authentication technology. Encourage passwords that are comprised of different upper and lower case letters characters, and change them every 60 to 70 days (not to exceed 90 days). For a more secure and reliable way to authenticate users and prevent hackers from stealing passwords, you may consider implementing some sort of multi-factor or strong authentication.


• Protect your systems. Install and use anti-virus programs, anti-spyware programs and firewalls on all computers in your business.


• Keep all software up-to-date. Ensure that all computer software is up -to -date and contains the most recent patches (i.e., operating system, anti-virus, anti-spyware, anti-adware, firewall and office automation software). Most security and operating systems contain automatic updates—make sure that function is turned on and sign up for security notifications from the software company.


• Create backups. Make regular (weekly) back-up copies of all of your important data/information. Store a secured copy away from your office location and use encryption to protect any sensitive information about your company and customers. Regularly creating back-ups better ensures that your critical data is not lost in the event of a cyber attack or physical incident, like a fire or flood.


• Be prepared for emergencies. Create a contingency plan for your business so you can recover if you experience an emergency. Include plans to continue business operations at an alternate location when necessary. Test your plan annually. For more information on how to develop a business plan to prepare for an emergency, go to http://www.ready.gov/business/plan/planning.html


• Encrypt your customers’ data. Protect your customers’ data from hackers and thieves by using encryption programs that encode data or make it unreadable, until you enter a password or encryption key. Some encryption programs are built into popular financial and database software and some broadband providers now include encryption for wireless networks as a part of their service.


• Report Internet Crime. Locate and join an organization of your peers for information sharing purposes. If you suspect fraud or criminal intent, report it to the local law enforcement agencies, the local Federal Bureau of Investigation, Secret Service, or State Attorney General’s offices. Moreover, some states require you to notify your customers if hackers or thieves steal or could have stolen your customers’ unencrypted personal information, including data residing on a computer stolen in the offline world. Check your state laws to see if this rule applies to your incident. To find out more information on how to report a cyber security incident, go to https://forms.us-cert.gov/report/ or http://www.ic3.gov/complaint/

The above tips are intended to provide a starting point for a more comprehensive information security plan.

About The National Cyber Security Alliance
A non-profit organization, the National Cyber Security Alliance (NCSA) is a central clearinghouse for cyber security awareness and education for home users, small businesses, and the education community. A public-private partnership, NCSA sponsors include the Department of Homeland Security, Federal Trade Commission, and many private-sector corporations and organizations.