
Small Business - Compliance Isn't an Option Any More


Small Business Under Attack

Every day criminals attack businesses. Whether you own or manage a small or mid-sized business or a non-profit organization, you are a prime target for crime, especially identity theft. Smaller businesses don't have the resources to properly protect proprietary information, so the shift of attacks toward smaller businesses is occurring at a faster rate.

Here are the facts from a survey by the National Cyber Security Alliance:

· Only 28% of small businesses have formal Internet security policies

· Just 35% of small businesses provide any training to employees about Internet safety and security

· 86% of businesses have no single individual focused on IT issues.

As a result:

· 85% of payment card breaches occur at smaller businesses

· 81% of organizations subject to PCI standards have not been found compliant prior to the breach

· 83% of attacks were not highly difficult to perform

The shape of Internet crime is moving from more traditional forms, including phishing and randomly collected passwords and login information, to targeted attacks in which cybercriminals steal data and resell it to other criminals.

Experts are predicting attacks on small and mid-sized businesses will grow in 2010. These attacks will grow in sophistication and complexity. Unfortunately, most small and mid-sized businesses aren't prepared for this kind of attack.

It is important for businesses of all sizes to properly protect their customers' and employees' private information. It is important for two reasons:

1. To guard against customer and employee identity theft and other crimes

2. To avoid fines for not achieving minimum federal, state and PCI standards

Customer Protection Isn't An Option Any More

Our government and private industry have noticed this trend of increasing attacks on small and mid-sized businesses. They realized the only way to stop or at least slow this trend is to put the responsibility on the businesses. Over the last 10 years, federal and state governments and industry have set up new rules and regulations to force businesses to secure customer and employee proprietary information or face huge fines or possibly jail time.

Businesses must take the steps to get compliant with the law and PCI standards. They must get serious about protecting their customer and employee proprietary information. Protecting this important information isn't an option for any size business any more.

Who must comply?

Here's a general rule: If your business collects, uses, transmits, or stores personal financial information about your customers, members or employees, you must comply with laws and regulations including PCI standards and the upcoming Red Flag compliance. Full compliance with the federal, state and PCI standards will prevent penalties, fines and security breaches. It will increase customer confidence and sales.

Meeting these tough regulations and standards is not easy to achieve, but it is rewarding. Many compliant businesses report full compliance has actually saved them time and money.

Smaller businesses don't know how they are going to meet these tough federal and state regulations and PCI standards, so they are looking for assistance. There are many companies that offer assistance. Make sure you work with a company that has the experience and expertise, while at the same time making it quick and easy to meet the minimum recommended technical and administrative safeguards required for compliance with information security and privacy standards. The company should offer:

· Technical Safeguards

· Administrative Safeguards

· Security Breach Response

The right company should assist your business to meet all compliance standards and requirements. The company should work side by side with you to develop the comprehensive technical and administrative safeguards required for your business to keep hackers and identity thieves out.

Your compliance with PCI standards and all other regulations will mean increased sales by increasing trust and loyalty with your customers. It will eliminate downtime, so that you and your staff are not sidelined by computer problems.

Most important, a good quality compliance company should walk you through all compliance requirements and assist in making sure you understand what needs to be done to ensure they are met with a single, affordable program. This is a simple way for your business to meet or exceed federal, state and PCI standards and requirements for protecting your customers' and employees' personal information against identity theft and fraud. It also shows your commitment to doing business the right way, with a genuine commitment to privacy, safety and trust.

In 2010, smart business owners will work toward becoming certified compliant to save time and money and to avoid those huge penalties and fines.




Warren Franklin has worked in the Internet security and identity theft protection arena for five years. He is regarded as one of the top security specialists in his company. You can contact him about business compliance and other computer security issues by e-mailing divpro123@comcast.net. More information on federal, state and PCI standards is available at http://www.completeinternetprotection.com/pcistandards.html