When a major national retailer is the victim of a cyber-attack, it’s headline news. Late in 2013, Minneapolis-based Target Corporation and Neiman Marcus succumbed to cyber thieves. It’s now estimated that between November 27 and December 15, 2013 – prime holiday shopping season – the payment card data of 40 million shoppers who bought merchandise in-store in the U.S., as well as the personal information of another 70 million customers, was compromised.
According to available data, the Target mishap is one of the country’s largest recorded data security breaches. Considering the scope of this crime, it’s easy to assume a heist whose planning and implementation would rival those of a modern-day thriller. To the contrary, the security breach is believed to have been the result of that most innocuous of daily trifles: phishing emails.
According to recent research, while the amount of phishing is decreasing, the methods employed are more targeted, with cyber criminals becoming more skillful. And harmless as it may seem when it appears in the inbox, one of the most effective subject lines, as determined by cyber-security experts at Websense of San Diego, is an invitation to connect on LinkedIn. And if the first and second emails don’t draw in the prospect, data indicates that the third email will finally get them to click a link or open an attachment – though these may not always prove malicious. Phishing emails proved to be Target’s downfall, when an employee of third-party contractor Fazio Mechanical Services Inc. of Sharpsburg, PA clicked through from a “malware-laced e-mail phishing attack.” Unfortunately, the company’s detection software simply wasn’t capable of protecting the company’s network from the threat.
This kind of incident leaves a business owner to ask, "What can I do to make my company data more secure?" The best place to start is with awareness.
Security is not a one‑size‑fits‑all approach, because each business is unique, with different network and data challenges. Security measures also depend on the size of the company, the amount of business it does, and what data is at risk.
Employees can also be a threat to cyber‑securing the business. Data breaches can occur through simple human error – as with the Target breach, and more recently with Kickstarter, the popular online crowd-sourcing website. This type of error can be related to many factors, among them poor decision‑making, the consequences of someone else's decision‑making, and not understanding security policies and procedures.
Understanding existing security policies and protocols is imperative, and assembling a security matrix to address internal organizational risk is a great place to start. Begin by assessing and assigning appropriate levels of access and security on email servers and on employees' tablets or mobile phones.
When cyber attacks are in the news, it’s important to maintain perspective. Small-to-medium-sized businesses will have less to worry about than a major retailer like Target, or a site with the online reach of Kickstarter. While keeping data safe should be of concern to every business, the level of security should be appropriate to the size and scope of the individual entity and to the specific data or intellectual property it has to safeguard.
To learn more about services and products, and to stay up to date with Kinetik I.T., visit www.Kinetik-IT.com or follow Kinetik on Facebook, LinkedIn or Twitter.