Also in this playlist...
This transcript is automatically generated
-- talking about how small and medium size businesses should be on high alert.
For cyber crimes.
We're talking about this cyber threat right now with the executive director of the national cyber Security Council Michael -- -- -- well.
And Marian Merritt -- the Internet safety advocate for Symantec.
A company that store is -- is protects.
Tons and tons of information so you guys are in the know thank you for joining us.
Thank you for having -- and closer if you Marian why should companies smaller companies be so.
Aware of potential -- -- Impacting your business.
Well these days small businesses like any business or are they have data -- -- brigade and if employee data.
And they may also.
-- vendors to larger more protective organizations and enterprises.
And additionally small businesses may lack and the kind of dedicated IT professionals that keep big companies -- And as a result.
They're not as defended their their networks are just -- their web sites may not be as secure and they may not take it so seriously they may not realize.
But according to this year's Internet security threat report from Symantec.
A tax on small businesses are up threefold from last year attacks up.
Three -- over the past year that is amazing so I guess Michael how do you know.
If -- business is safe.
Well you know you can't always be a 100% safe but you have to do the common sense and simple things and every business needs to do.
So in the same way that you would put you know security lights rate you know exit -- -- by doors if there was a fire you have to make sure that you put those basic precautions in place for your business and that's -- include.
Updated software all across -- -- security web browsers operating systems if you're using financial systems or other kinds of services that have.
Com you know regular updates you need to make those updates and spreading out across -- -- environment so that every machine is -- we call that kind of keeping it clean machine.
You really have to think about what your employees are doing online and understand are they doing things it may be putting you at risk are they visiting social networks during working hours are they.
-- and checking their personal emails are they doing things that probably aren't appropriate for the corporate networks you know sometimes employees may not be able to differentiate so much right to them.
You know when I'm online I'm online -- and having them clear about what's appropriate on the corporate network -- appropriate to access the corporate network.
What devices they use to access a corporate network are all part of the way that you reduce that risk.
I want to -- full screen now the cyber threats for businesses that are coming from the employees nearly 50%.
Of working adults.
Access their personal email through their work device is -- at third are accessing social networks and 27% storm personal information on those -- devices.
Are we talking blackberries iphones ipads tablets or and or that work.
We're talking balls and one of the things that's driving this blurred environment.
Is the bring your own device to work phenomenon the BYOD trend.
And it's not necessarily a terrible thing and it's definitely the wave of the future.
But small businesses like large enterprises need to get in front of -- they need to set up policies and educate their employees.
Before they find themselves having data leak out of the organization yet and when you said you know 5050%.
Of us use that same device for work and for play.
And 30% of parents admit they let their kids play on their work device.
A fourth of -- -- storing data in the clouds so I would ask if that's a work provided account is it okayed a storm like Christmas and vacation photos.
And if I leave the company do -- still -- -- that account so a lot of unanswered questions can lead to data risk.
-- those questions slowly being answer.
Yeah I you know I think they are I think the best way to answer those questions is really through policy.
Right it's really through.
You really quickly establishing.
How how do you police something like this how do you say to someone you can only use that device it is business but -- finish at the switch to this device.
Well so there's a couple different ways right I mean anything for one.
You know you cannot allow certain devices to access your corporate network right so you can just you know other technologies and a place that might allow you know.
Certain devices not to be allowed onto a network that's you know that can happen and that's a possibility.
The other parties that.
You know there are ways now to segregate devices amen that's becoming more prevalent on -- more common as people use these devices more in the workplace.
So there's actually a segment of that even a Smartphone that's really dedicated to the corporate side and there's not an interchange between corporate data and the personal data.
You know early stages probably being adopted more -- you know.
Larger corporations and maybe in -- you know in government settings more often.
Then smaller businesses right now but that's a trend it's definitely coming and that's something that people should investigate.
It's a way to have the best of both worlds in the sense because you know we all love our little personal devices we picked them out you know that's the -- wanted maybe it's the color we like.
Wherever it is and people want to use -- -- it's hard to fight that tide so you know.
Maybe we should join him and figure out a way to do it more safely and securely.
Marion is joining jumped in there.
I was just gonna say we've talked a little bit about policy which can sound very complicated.
The policy doesn't really need to be that big a deal 500 pages that nobody updates -- looks at.
I would just like small business owners to start having conversations.
Talk to their employees about their concern about certain risks.
Or the reason for blocking certain kinds of web site it doesn't have to be an us vs them kind of activity.
Because frankly we're all in this together it just takes one employee -- -- the wrong link or download a file from some motivation to render us all vulnerable.
And we know from research that small businesses when hit by cyber crime.
Very rarely do they come back home.
So we want to prevent those attacks from the beginning because it's such an expensive.
Fix and for small business it's probably.
A good chunk of there there earnings.
And it's not just the economic risk its trust because small business like large business your name is your values your brand new and if your customers no longer trust you because you allowed their data.
To leak out.
You allowed them to potentially be at risk for identity theft you know that trust is really damaged.
-- that's an excellent point I'm just looking here at some statistics 36% of working adults say their company has no policy.
On use of personal devices at work to -- in ages said Marianne.
Some so not web sites are our band here at fox and I know other let's expand to other companies are there certain ones that typically always get the red flag.
You know this is kind of a moving target some companies may find that they're gonna block social networking and then there's -- hue and cry from people who need to check their social network four and five times today.
So we're all sort of figuring this out but.
Gambling web sites -- sites where people are wasting lots of time watching videos these kind of sites you can block increasingly -- employees will understand.
But again create policy with partnership with your employees -- you don't have people trying to backdoor their way around the policy breaking -- for everybody.
Or simply avoiding using the network and using their personal devices for work.
When you reach out to small and medium sized businesses are they surprised to learn all this or are today.
-- like you know we we know that this is coming we know we need to have better protocols in place and things like federal or -- -- more surprised now.
You know I think that there is a disconnect sometimes between small businesses up practices and how safe they are.
I think there's been some research indicates that small businesses actually think that there -- more safer and secure than they really are.
Anderson couple examples of that you know they'll say we're doing everything we need to do.
And yet when you look underneath the hood they won't have a policy for example about using -- USB device -- USB device no memory stick or other kinds of things.
Has been a major vector of attack by the bad guys on and not necessarily a direct attack it could be that it got who knows where -- USB devices being what mall where it's picked up along the way.
Plug -- into the corporate network and boom you're there and attacks it was a major source attacked in the Defense Department years ago.
They've banned them so there are things like that they don't have policies about you know how do you social network is Marion was saying so.
Know -- there should not be a false sense of security in cyber security because.
You really have to be on your game all the time and this means that.
They're people that run small businesses that CEOs or the owner of the business you don't have to be paying attention this issue.
And even if they're not technically savvy they need to be talking about the -- the people on their staffs about.
What are we doing to keep this business safe and secure.
What are our assets that might be at risk they take a risk management approach to this.
You know what are what are we have it's -- value and how are we protecting it that's a really a good question for Boston ask across the board and their business if they get the chance.
-- thank you so much for keeping us abreast of all of these issues -- Michael Kaiser the executive director of the national cyber Security Council.
And Marian Merritt in the Internet safety advocate.
At Symantec thank you so much to both -- -- nipple clips that have on the screen for viewers to -- Have a great day thank you thanks to neat things about us.
Filter by section