10-04-13 | Blog Post
October is National Cyber Security Awareness Month (NCSAM), celebrated annually to highlight awareness about online security for consumers, small and medium-sized businesses (SMBs), corporations, educational institutions and young people nationwide.
NCSAM will focus on different aspects of online security, including mobile devices, cyber education (including workforce development in STEM – Science, Technology, Engineering and Math), cybercrime, and cybersecurity as it affects critical society infrastructure, such as transportation systems, electrical grids, emergency response systems and more.
The resources on their site include a 2012 NCSA/Symantec National Small Business Study, which reveals that 38 percent of business owners believe losing Internet access for 48 hours would be extremely disruptive to their business. Another 46 percent say a safe and trusted Internet is very critical to their business’s success. However, 32 percent believe a data breach would have a short-term impact on their business, while another 47 percent think a data breach would have no impact on their business as it would be viewed as an isolated incident.
A data breach can affect a company’s financials and credibility, as well as introduce legal issues, particularly if the breached data is considered protected health information (PHI) or credit cardholder data (CHD). Sometimes data breaches can also lead to jail time – a former employee at the Florida Hospital Celebration who accessed and sold 12k patient records was sentenced to a year in federal prison, while the health system the hospital was a part of was hit with a class action lawsuit. Read more in Healthcare Data Breach Leads to Prison Time; Class Action Lawsuit.
How might you avoid a similar fate? Look for a HIPAA compliant hosting provider if you’re in healthcare, or a PCI compliant hosting provider if you deal with credit card data. They should know which services can provide the level of security your industry requires.
The security study also asked business owners if they used any means of multifactor/strong/two-factor authentication to access their company’s online service provider – 75 percent answered no, and another six percent were not sure. Two-factor authentication provides an additional layer of defense to verify the identity of a user attempting to access a company’s private network or VPN (Virtual Private Network).
Considering that 33 percent of respondents stated they don’t use security solutions on remotely accessed data, and another 18 percent weren’t even sure if/how they implement security solutions for network and data accessed remotely, company data is put at further risk without the use of multi-factor authentication or a private network tunnel.
When asked what types of applications, services or data required two-factor authentication, the top answer was financial at 63 percent. See the rest of the data types below:
When asked if they used encryption for customer data, 25 percent replied no, another seven percent said no but they were interested, and 10 percent said they considered it but never implemented it. Only 23 percent actually encrypt their customer data. Encryption is a security best practice for keeping data safe even if accessed by hackers (if the key hasn’t been compromised). Read more about the different types of encryption in our Encryption of Cloud Data white paper.
Only five and three percent were concerned about hacking and cyber attacks, respectively. While some may not think about being a target, often a smaller company that is a subsidiary or vendor to a larger corporation is targeted for that very reason – security is lax due to smaller budgets and lack of vulnerability knowledge, so hackers may use them as an open door to access the bigger company.
For a layered security approach, consider using a variety of technical tools to create a defense-in-depth solution.