4 SMB Cybersecurity Tips from the FBI


John Iannarelli

John Iannarelli, former FBI Special Agent, offers 4 SMB cybersecurity tips. Is your business safe from the cybersecurity threat?

According to the Allianz Risk Barometer for 2020, cyber incidents ranked as the number one business risk in its ninth annual survey of risk experts.

Based on the above, I just interviewed former FBI Special Agent John Iannarelli (http://fbijohn.com/) in between his national television appearances on Fox News and Fox Business.

Mr. Iannarelli retired from the FBI after more than 20 years of service, during which time he was the FBI’s National Spokesperson, on the FBI Cyber Division executive staff, an FBI SWAT team member, and the Assistant Special Agent in Charge of the FBI’s Phoenix Division, where he oversaw all Criminal, Cyber, and Counter Intelligence investigations throughout Arizona.

Since leaving the FBI, Mr. Iannarelli has been an active contributor to national news outlets, a keynote speaker, an author, and a security consultant.

I asked Mr. Iannarelli for simple advice on how to keep small businesses safer in 2020.  Here are his 4 cybersecurity tips for small businesses and sole proprietors:


“Maintaining a strong firewall, keeping your security software up to date, and the patching of vulnerable software is critical,” said Iannarelli. He also said, “The restoration of your computer files from a backup is the fastest way to safely regain access to your data.” Mr. Iannarelli recommends “to not pay the ransom as there is no guarantee that you will be able to regain access to your files and that once you pay the cybercriminals they are likely to attack again.”

Free Public Wi-Fi  (Public Wifi is Putting You at Risk)

Hackers steal consumer data from devices connected to unsecured networks by positioning themselves between you and the connection point. This means that instead of talking directly with the hotspot, you end up sending your data to the hacker. Mr. Iannarelli recommends “use of VPN encryption to help prevent cybercriminals from hacking into your WiFi connection and intercepting the data you send and receive.” 

Vendor Due Diligence

According to the Ponemon Institute, third-party breaches remain a dominant security challenge for small and large businesses. Over 63% of data breaches are linked to a third party. Mr. Iannarelli said, “Small businesses should establish information security and governance best practices including a data breach and incident response policy and plan.” A plan will protect your business, help win new business, and elevate your due diligence profile.

State and Federal Notification Laws

The United States does not have a federal privacy law. Mr. Iannarelli stated, “understanding current state privacy laws where your small business conducts business is critical to responding to a data breach event in a timely and effective manner.”

If you have been victimized by an online scam or any other cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.

By Mark Pribish
Vice President and ID Theft Practice Leader

43% of Breaches Affect Small Businesses


In the recently released 2019 Verizon Data Breach Investigations Report (DBIR), Verizon found that 43% of breaches affect small businesses and that a third (32%) of breaches involved phishing, a form of social engineering.

Built upon the analysis of 41,686 security incidents and 2,013 confirmed data breaches, the Verizon DBIR digs into the overall threat landscape: the actors, actions, and assets that are present in breaches.

The 2019 Verizon Data Breach Investigations Report (DBIR) highlights 12 key takeaways, including:


  1. Financial gain remains the most common motivation behind data breaches (71%)
  2. 43% of breaches affect small businesses
  3. A third (32%) of breaches involved phishing
  4. The nation-state threat is increasing, with 23% of breaches by nation-state actors
  5. More than half (56%) of data breaches took months or longer to discover
  6. Ransomware remains a major threat and is the second most common type of malware reported
  7. Criminals increasingly target Business Executives with social engineering attacks.
  8. Crypto-mining malware accounts for less than 5% of data breaches; despite the publicity, it didn’t make the top ten malware listed in the report
  9. Espionage is a key motivation behind a quarter of data breaches
  10. 60 million records breached due to misconfigured cloud service buckets
  11. Continued reduction in payment card point of sale breaches
  12. The hacktivist threat remains low; the increase in the DBIR 2012 report appears to be a one-off spike

An interesting takeaway:

Cyber attackers target the network, where executives are “six times more likely to be a target of social engineering than they were only a year ago; and, C-level executives are 12 times more likely to be the target.”

This means that Business Email Compromises (BEC) are proving successful for ID theft criminals and cyber thieves.

Verizon stated that BEC breaches represented 248 (18%) confirmed breaches out of the 2,013 confirmed data breaches. In addition, Risk Based Security recently announced the release of its Q1 2019 Data Breach QuickView Report highlighting how over 1,900 data breach events — exposing over 1.9 billion records — were reported in the first three months of 2019.

According to Risk Based Security, “no other first quarter has seen this level of activity, putting 2019 on pace to be yet another ‘worst year on record’ for the number of publicly reported breaches.”

The report found “that 67.6% of records compromised in Q1 were due to exposure of sensitive data on the Internet.”

If you are a small business, Identity Theft Protection as an Employee Benefit or a breach readiness and response program is worth considering!

