Not surprisingly, after the cyber-attacks that occurred at a couple (or perhaps a few) large retailers over the holidays, there has been much discussion about the need to ramp up efforts to protect against such attacks. According to a Guide entitled Cybersecurity in the Golden State that was recently issued by California Attorney General Kamala D. Harris, “[i]n just the first three months of 2013, there were more than one billion Cyberattacks,” and “[i]n 2012, 50 percent of all targeted attacks were aimed at businesses with fewer than 2,500 employees.” It might surprise you, but according to the Guide, “[s]ecurity threats can be broadly categorized into the following categories:”
1. Social Engineering Scams
2. Network Breaches
3. Physical Breaches
4. Mobile Breaches
The Guide is directed at small businesses to assist them in protecting against cyber-attacks and data breaches. It outlines recommendations for “businesses to help protect against and respond to the increasing threat of malware, data breaches and other cyber risks.” More specifically, a “cyber-attack” (aka “cyber-warfare” or “cyber-terrorism”) is generally understood to include “any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.” Examples of cyber-attacks include installing spyware on a personal computer or mobile device.
A “data breach” (aka an “unintentional information disclosure,” “data leak” or “data spill”) is generally understood to be “the intentional or unintentional release of secure information to an untrusted environment.” “Secure information” includes sensitive, protected or confidential data. Incidents range from attacks by “black hats with the backing of organized crime or national governments to careless disposal of used computer equipment or data storage media.” A data breach occurs when secure information is “copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” A data breach may involve financial information, personal health information, “personally identifiable information,” trade secrets of corporations or intellectual property.
The Guide offers practical steps to minimize cyber-attack and data breach vulnerabilities:
- Assume You’re a Target
- Lead by Example
- Map and Encrypt Your Data
- Encrypt Your Data
- Bank Securely
- Defend Yourself
- Educate Employees
- Be Password Wise
- Operate Securely
- Plan for the Worst
Additional Resources: CalChamber