It should really come as no surprise that when a major national retailer is the victim of a cyber-attack, it becomes instant headline news. Late in 2013, this happened to both Minneapolis-based Target Corporation and Neiman Marcus. It was estimated that between November 27 and December 15, 2013 – during prime holiday shopping season – the payment card data of 40 million shoppers who bought merchandise in-store at U.S. stores, as well as the personal information of another 70 million customers, was compromised by cyber thieves.
The Target mishap, according to available data, is one of the country’s largest recorded data security breaches. Considering the scope of this crime, it’s easy to assume a heist whose planning and implementation would rival those of a modern-day thriller. To the contrary, the security breach is believed to have been the result of that most innocuous of daily trifles: phishing emails.
According to recent research, while the amount of phishing is decreasing, the methods employed are more targeted, with cyber criminals becoming more skillful. And harmless as it may seem when it appears in the inbox, one of the most effective subject lines, as determined by cyber-security experts at Websense of San Diego, is an invitation to connect on LinkedIn. And if the first and second emails don’t draw in the prospect, data indicates that the third email will finally get them to click a link or open an attachment – though these may not always prove malicious.
Phishing emails proved to be Target’s downfall, when an employee of third-party contractor Fazio Mechanical Services Inc. of Sharpsburg, PA clicked through from a “malware-laced e-mail phishing attack.” Unfortunately, the company’s detection software simply wasn’t capable of protecting the company’s network from the threat.
This kind of incident leaves a business owner to ask, “What can I do to make my company data more secure?” The best place to start is with awareness.
Security is not a one-size-fits-all approach, because each business is unique, with different network and data challenges. Security measures also depend on the size of the company, the amount of business, and what data is at risk.
Employees can also be a threat to the cyber security of the business. Data breaches can occur through simple human error – as with the Target breach, and more recently with Kickstarter, the popular online crowd-sourcing website. This type of error can be related to many factors, among them poor decision making, the consequences of someone else’s decision making, and not understanding security policies and procedures.
Understanding existing security policies and protocols is imperative, and assembling a security matrix to address internal organizational risk is a great place to start. Begin by assessing and assigning appropriate levels of access and security on email servers, employees’ tablets or mobile phones.
When cyber-attacks are in the news, it’s important to maintain perspective. Small-to-medium-sized businesses will have less to worry about than a major retailer like Target, or a site with the online reach of Kickstarter. While keeping data safe should be of concern to every business, the level of security should be appropriate to the size and scope of the individual entity and the specific data or intellectual property to be safeguarded.
Article Source: Kinetik IT blog