Small and Medium Business Cyber Risk Overview
Presented by:

                               Copyright © 2012 EFTGuard, L.L.C. For Client & Prospective Clients Internal Use Only.
EFTGuard and “Minimize Your Risk. Protect Your Money” are trademarks of EFTGuard, L.L.C. All other marks are the property of their respective owners.

Key Actions for Every Small to Mid-sized Business

1. Understand the Threat
2. Assess Your Cyber Risk
3. Protect Your Business

Did You Know…

• Nearly 75% of surveyed U.S. businesses experienced online bank fraud in 2011 (1).
• Approximately 72% of the data breaches investigated in 2011 were at small businesses (2).
• 7 in 10 businesses were not fully reimbursed by their Banks for fraud losses (1).
• Median loss for a small business ($200,000) is 37% higher than a large company (3).

Sources: 1) Guardian Analytics/Ponemon - 2012 Business Banking Trust Study, 2) Verizon 2012 Data Breach Investigations Report, 3) ACFE, 2008

Major Threats

Threat types:
• EDP*: Attack a Company’s Computers, Networks, and Applications
• Cyber Crime: Steal a Company’s Cash
• Identity Theft: Use a Company’s Identity
• Data Breach: Steal Customer Data

US Businesses:
• Corporates: Big IT; Secure
• SMEs / SMBs (~10MM businesses): Target Rich for Cyber Attackers
• Micro-Businesses (~20MM businesses): Less to Protect

27.5MM   Total Businesses in the US (Source SBA)
4.9MM    Businesses with 1 to 50 employees
3.9MM      1 to 9 employees
1.0MM      10 to 50 employees

* EDP = Electronic Data Processing

Major Impacts

Business segments (pyramid graphic): Corporates; SMEs / SMBs (~10MM businesses); Micro-Businesses (~20MM businesses)

Risk Impact               Caused by:
Reputation Damage         Mandatory Customer Notification
Fines up to $MM           Data Breach Violations
Operational Expense       Providing Free Credit Monitoring
Fraud Losses up to $MM    Bank Account Takeover
Trade Secrets             Stolen IP
Business Disruption       DDOS, Network and Application Attacks

SMBs are Online

• The Internet is indispensable to small and medium businesses
   – Two thirds (66%) of small and medium businesses say that their business is dependent on the Internet for its day-to-day operations
   – 38% characterize it as very dependent
   – 67% say they have become more dependent on the Internet in the last 12 months (1)

• Businesses rely heavily on online banking
   – Nearly 90% of SMBs now bank online (2)
   – 51% of businesses transfer funds online
   – 54% have used mobile banking services
   – 20% conduct all of their banking transactions online (3)

• Businesses have vital information to protect
   – 69% handle sensitive information, including customer data
   – 49% have financial records and reports
   – 23% have their own intellectual property
   – 18% handle intellectual property belonging to others outside of the company (4)

Sources: 1) National Cyber Security Alliance/Symantec, 2) Sophos 2012 Network Security Survey, 3) Guardian Analytics/Ponemon - 2012 Business Banking Trust Study, 4) NCSA, Cisco Small Business Survey, 2012

Cyber Threats are Growing

• 56,859 – number of unique phishing web sites identified in February 2012 – an all time high (1)
• 100,000 daily malware samples identified – total unique malware samples now exceeds 90 million (3)
• 9,000 malicious web sites are identified every day in the U.S. alone (2)
• 23% increase in new types of malware in the latest quarter - the fastest growth rate in four years (3)
• 35.5% average number of infected PCs across the globe (1)
• 60% of the websites that serve up malicious code are actually legitimate, compromised sites (3)
• $1,000 is the cost of an attack toolkit that can check browsers for as many as two dozen vulnerabilities

Sources: 1) APWG, Phishing Activity Trends Report Q1 2012, 2) McAfee, Threat Report 2012, 3) Symantec Norton Safe Web service, 2012

SMBs: Target of Choice

“Cybercriminals are looking for low-hanging fruit. Their targets are companies with poor defenses, a lack of security skills, and vulnerable end users.”
Tim Wilson, InformationWeek, Sept 2012

Nearly two-thirds of midmarket business companies now cite cybercrime as the greatest threat to their company (1).

Source: 1) InformationWeek SMB, Symantec 2012

Why are SMBs at Greater Risk?

High reward, low risk target for cybercriminals.
   • Willie Sutton – criminals go “where the money is”
   • Median loss for a small business ($200,000) is 37% higher than a large company (1)

Fewer resources focused on security and protection.
   • No dedicated security staff or audit departments
   • Lack hotlines and reporting systems
   • Few internal controls and little employee training
   • Limit protection to standard services such as AV software, firewall - vs. more sophisticated tools

Higher risk activities and technology profile.
   • Remote work teams and open BYOD policies
   • Lack defined security and usage policies
   • Heavy reliance on third-party services for web site hosting, email, and point of sale systems

General disbelief and false sense of security.
   • “We’re too small to be at risk”
   • “No one here would steal from me”
   • “Indifference is the biggest threat small businesses face.” - CEO, Thrive Networks

Source: 1) Association of Certified Fraud Examiners, 2008

Small Businesses Have Riskier Behavior

No formal protection plans
   • 52% have a plan or strategic approach in place for keeping their business cyber secure (3)
   • 50% of small business owners have employees review and adhere to online security policies (3)
   • 63% do not have policies regarding how their employees use social media (2)
   • 60% say they have a privacy policy in place that their employees must comply with when they handle customer information (2)
   • 45% of surveyed small business owners say they do not provide Internet safety training to their employees (2)

Weak or missing controls
   • 40% of managers worry about BYOD and mobile connectivity to their networks; 93% of SMBs have remote workers (1)
   • 67% allow USB devices in the workplace (2)
   • 80% of small companies are not confident that their wireless networks are secure (1)
   • 50% update software every year; majority of attack kits focus on patched vulnerabilities (1)
   • 59% say they do not require any multi-factor authentication for access to any of their networks (2)
   • Only half (50%) say that all of their machines are completely wiped of data before disposal (2)

Sources: 1) SophosLabs 2012 Network Security Survey, 2) StaySafeOnline.org - NCSA/Symantec Research on Small Business, 2012, 3) InformationWeek, IT Pro Ranking Survey, 2012, 4) ACFE, 2008

10 Cyber Threats SMBs Can’t Ignore

InformationWeek SMB Sept 2012:

Ten of the most serious dangers to SMBs:
1. Bank Account Takeover – Cyber Crime
2. Website Takeover
3. Employee-Generated Data Leaks
4. Sneak Attacks Through Service Providers
5. Targeted Attacks
6. Unpatched Software
7. Websites as Malware Hubs
8. Forgotten Systems
9. Mobile and Wireless Devices
10. Reputation Damage

Anatomy of a Bank Account Takeover

Source: FBI, IC3, FSIAC - Fraud Advisory for Businesses: Corporate Account Take Over, Oct 2010

When Bank Account Takeover Happens…

Your business account is not government protected.
   • Businesses who bank online are not protected by Regulation E
   • Reg E obligates banks to reimburse consumers for online fraud losses
   • UCC 4a limits Bank liability with commercially reasonable security

Banks are not liable for your online losses.
   • Banking online deposit agreements exclude protection for business customers
   • Approximately 70% of businesses that suffer online fraud losses were not fully reimbursed by their financial institution (1)

Standard business insurance policies are often insufficient or exclude account takeover fraud losses.
   • Basic Liability and Umbrella insurance policies are limited to legal expenses and wages from lost work
   • These policies do not cover online fraud losses

Source: 1) Guardian Analytics/Ponemon - 2012 Business Banking Trust Study

SMB Burden of Liability for Bank Account Takeover Losses

Banks are slow to identify and prevent fraudulent transactions…

How SMBs Learn about Fraud:
                         Merchant, Vendor    Letter       Call from
                         or Supplier         from Bank    the Bank
ACH-related fraud        40%                 29%          33%
Wire transfer fraud      39%                 35%          32%
Mobile banking fraud     32%                 35%          29%

Both Bank notification methods are too slow for the Bank to fully recover funds.

… and rarely fully reimburse business customers for unrecovered, stolen funds.

Bank Response after a Fraud Loss (stacked bar chart, 0% to 100%; legend: No Compensation, Partial Compensation, Full Compensation). Segment values from top to bottom of each bar:
ACH-related fraud        23%, 31%, 46%
Wire transfer fraud      25%, 31%, 44%
Mobile banking fraud     40%, 29%, 31%

7 in 10 businesses that suffered fraud losses were not fully reimbursed by their Banks.

Source: Guardian Analytics/Ponemon - 2012 Business Banking Trust Study

Bank OLB Business Agreements – Check the Fine Print

Bank Example:

VI. TERMS AND CONDITIONS
A. GENERAL ONLINE SERVICES TERMS AND CONDITIONS FOR ALL CUSTOMERS

8. Password and Security/Your Liability for Unauthorized Transactions/Errors and Questions
If you permit other persons to use Online Banking Services or your PIN/Password/User ID… you are responsible for any transactions they authorize.

For Consumers Only: For more information on your rights and obligations concerning unauthorized or erroneous Transactions, please refer to PNC's Consumer Electronic Funds Transfer Disclosure Statement ("EFT Statement"),

F. TERMS AND CONDITIONS FOR TRANSFER FUNDS SERVICE (Consumer and Business Accounts)
2.b. Your Liability for Unauthorized Transfers/Errors and Questions
For Consumer deposit accounts, PNC Bank's Consumer Electronic Funds Transfer Disclosure Statement details your rights and obligations when an unauthorized transaction has occurred.

Slide callout: Explicit Business Exceptions
2.h.i. Additional Transfer Service Provisions for Business Customers
We shall only be liable for our own negligence or misconduct and shall not be responsible for any loss or damage arising from… any transfer resulting from circumstances beyond our reasonable control…

Slide callout: Communication of Business Liability
2.ii In no event shall we be liable for any consequential, incidental, special or indirect losses, damages, or expenses which the Business Customer incurs or suffers… whether or not the likelihood of such losses or damages was known by us.

Bank Account Takeover: Fraud Loss Impact

Recent SMB Losses

Genlabs                       $437,000
Ferma Corp.                   $447,000
Patco Construction            $588,000
Village View Escrow           $465,000
Family Smile Zone             $205,000
Lifestyle Forms & Displays    $1,200,000
DKG Enterprises               $100,000
Golden State Bridge           $125,000
Sign Designs                  $99,000
McFadden Law                  $250,000
Eskola                        $130,000

Assessing Your Cyber Risks

Seven Questions for Every Business Owner:

   1. Do you or your employees use the Internet or social media for business purposes?

   2. Do your employees use their own personal computers or mobile devices to access your company’s network or systems?

   3. Do you or authorized employees use Online Banking to access your business bank accounts online?

   4. Do you carry large business account balances, have high available credit, or use online transfer or payment functionality provided from your Bank?

   5. Do you have company internal or financial information or other sensitive data linked to the Web in any way?

   6. Do you collect, store and use your customers’ personal information?

   7. Do you rely on third-party providers to manage your company’s Web site, corporate email, network or other back-office systems?

Assessing Your Cyber Risks

                                                            Potential Cyber Risks:
Business Activities:                                        Business          Data Breach &          Funds Theft
                                                            Identity Theft    Business Disruption    & eCrime

1. Employees active on the Web and use social media         √
2. Employees use their own PCs and mobile devices
   on your network                                          √                 √
3. Business uses Online Banking to access
   business accounts                                                                                 √
4. Business has high cash balance, credit, or uses
   higher risk functions                                                                             √
5. Business provides access to sensitive info
   via the internet                                                           √                      √
6. Business collects, stores and uses customer’s
   personal info                                                              √
7. Relies on third-party providers to manage
   your web site, email,…                                                     √

Protect Your Business

                              Business                 Data Breach and            Funds Theft
                              Identity Theft           Business Disruption        & eCrime

Business Owner                Be Safe and Secure       Protect Your Desktop       Understand and Use
                              When Online              and Mobile Devices         Your Bank’s Security

Your Employees                Focus on Employee        Define Data Policies       Establish Internal
                              Security and Safety      & Controls                 Company Controls

Your Business & Facilities    Proactively Monitor      Protect your               Understand & Protect
                              for Cyber Risks          Environment                Against Financial Loss

SMB Cyber Protection Plan: Business Owner Checklist

Business Identity Theft: Be Safe and Secure When Online
• Use available Web browser security and privacy features
   – Learn how to tell: Is the site safe?
   – Use “Do Not Track” features
   – Use a hardened browser
• Beware of Web 2.0 and social networking vulnerabilities
   – Sharing information
   – Reputational risks
   – Malware risks
• Learn how to recognize targeted phishing emails
• Learn how to avoid spyware and malware
   – Suspicious sites
   – Downloads and attachments

Data Breach & Business Disruption: Protect Your Desktop and Mobile Devices
• Monitor and update AV, Anti-Spyware and firewall software
• Create a Personal PC and Mobile Device policy for your business
   – Require use of lock codes
   – Encryption for work data
   – Ban unauthorized plug-ins
   – Employee agreement authorizing remote access to lost or stolen devices
• Ban usage of public Wi-Fi for work related business
• Adopt virtual private network (VPN), and secure websites (“https”) whenever possible.
   – Most popular web apps, including Gmail, Twitter, and Facebook, offer such an option.

Funds Theft & eCrime: Understand and Use Your Bank’s Security
• Use strong passwords.
   – Know the ingredients of a strong password
   – Don’t mix business & personal PWs
   – Consider a password vault
• Adopt available bank controls for login
   – Desktop Anti-malware SW
   – Out of Band protection
• Use bank controls for higher risk payments and transfers
   – Dual controls
   – Positive Pay
• Monitor your bank accounts and credit cards constantly for fraud.
• Enroll in free instant alerts to warn you about any unusual account activity.

SMB Cyber Protection Plan: Employee Checklist

Business Identity Theft: Focus on Employee Security and Safety
• Train Your Employees in Proper Security Practices
   – Understanding Phishing
   – Social media risks
   – Mobile and Public Wifi usage
• Do background checks on new employees and contractors
• Limit employee access to sensitive resources
• Utilize security and employee monitoring systems

Data Breach & Business Disruption: Define Data Policies & Controls
• Create a formal data protection plan
   – Inventory of your sensitive data
   – Step-by-step procedures for daily protection
   – Contingency plan if you are a victim
• Train your employees on risks and company procedures
• Create procedures to protect physical company documents
   – Known safe and secure locations
   – Use a micro cut shredder
   – Avoid sharing sensitive info unless you made first contact
• Create policies for sharing company information online
   – Limit sharing of EIN, financial docs via email and web
   – Use security certificates and secure email for sensitive communications

Funds Theft & eCrime: Establish Internal Company Controls
• Follow a “segregation of duties” policy for high risk areas
   – Payments
   – Purchasing
   – Inventory
• Implement a “dual controls policy” with your Bank to require two people for high risk transactions
• Consider use of pre-paid business credit card for employees
• Use a dedicated PC for Online Banking and other sensitive work

SMB Cyber Protection Plan: Business & Facilities Checklist

Business Identity Theft: Proactively Monitor for Cyber Risks
• Regularly Google your business name for any clones.
• For higher profile businesses, consider for-fee reputation and brand monitoring services.
• Monitor business credit reports across the three major bureaus.
• Invest in a Business Identity Theft and Credit Monitoring service.
• Develop a plan to monitor and respond to cyber incidents:
   – Spam
   – Hacker attacks and viruses
   – Spyware
   – Online shopping fraud

Data Breach & Business Disruption: Protect your Environment
• Write a security plan that defines security rules, guidelines, and goals for your business.
   – Patching Policy
   – Data Back-up
   – System Maintenance
• Actively manage your company passwords.
   – Change default passwords
   – Update on a scheduled basis
   – Avoid set-up of “master users.”
• Ensure your third-party or cloud members provide adequate security.
• Use the available technologies to implement a cost effective layered security strategy.

Funds Theft & eCrime: Understand & Protect Against Financial Loss
• Read and understand your Bank’s Deposit and OLB Agreements.
   – Know your liability
   – Understand your responsibilities
• Understand your current business insurance coverage for cyber risks.
   – Business identity theft
   – Data breach & business disruption
   – Funds Theft & eCrime
• Secure additional protection to cover your financial exposure.
• Know how to report suspicious activity and fraud.
   – FBI and Local police
   – FTC/ NCTA
   – Your financial institution

Final Thoughts


• Cyber attacks are no longer rare… Odds are, at least one of your computers is compromised.
• Cyber attacks have large negative consequences… Fines and fraud losses for some SMB’s tally in the millions.
• In hindsight… solutions are inexpensive and self-evident.


                                                  25
About the Author




EFTGuard Protects Businesses from Account Takeover Fraud Losses:

• Approved for use with Trusteer Rapport®, Wontok SafeCentral®, IronKey® and Webroot®
• Security Education Content
• Fraud Loss Protection up to $100,000 / account and up to $500,000 / customer
• No underwriting and no deductibles, backed by AIG / Chartis
• Peace of Mind for only $24.95 per month
• Sign up in less than 5 minutes at www.eftguard.com

Contact EFTGuard directly at info@eftguard.com
Follow us on Twitter @EFTGuard

                                                                                      26
