Cyber Security: Everyone is at Risk

As if Small- and Medium-sized Business owners don’t have enough to worry about, an increase of “hacktivism” has been predicted for 2012 by Kroll, an Information Technology (IT) consulting company. Cybercrimes are nothing new, but cyber criminals have more ways to infiltrate a small-business owner’s private company data. Just because a company is small – meaning it has 500 employees or fewer and less than $5 million in annual revenue – that doesn’t automatically remove it from a cyber thief’s list of possible targets. Everyone is at risk, according to Kroll, especially small and medium businesses.

Innovations like the cloud and geolocation technology are two-faced Januses that open doors of convenience for businesses on one side, while simultaneously opening portals of enormous potential for thieves on the other. It doesn’t help that more and more businesses provide their employees with company laptops and/or smart phones that sometimes don’t have the kind of firewall and anti-spyware protection that they should. And if a lost or stolen laptop or smart phone isn’t password protected, the data within is at a thief’s disposal.

Besides predicting an increase in cyber-based mayhem for 2012, Kroll also predicts that two federal geolocation tracking bills that were introduced in 2011 will never become laws. The Location Privacy Protection Act, which was introduced by Sens. Al Franken (D-Minn.) and Richard Blumenthal (D-Conn.), seeks to close current federal law “loopholes” that, according to Franken, allow device manufacturers, app developers and telephone companies that offer wireless Internet service to freely share their consumer location information with third parties. The Location Privacy Protection Act pertains to non-governmental entities, but the GPS Act, which was introduced by Sen. Ron Wyden (D-Ore.) and Rep. Jason Chaffetz (R-Utah), covers both governmental and non-governmental entities, including law enforcement. Under the GPS Act, a person must give prior consent before a company could share location information, and law enforcement would have to obtain a warrant before a company could disclose such information about one of its customers.

The two aforementioned bills were introduced long before developer Trevor Eckhart posted a YouTube video detailing the dangers of the Carrier IQ app, which Sprint says it has disabled, that logs every keystroke a user makes and every URL he visits – even secure ones – and sends the information back to the carrier’s database. T-Mobile still has the Carrier IQ app on its HTC Amaze 4G, Samsung Galaxy S II, Exhibit II 4G, LG myTouch, LG myTouch Q, LG DoublePlay and the Blackberry 9900, 9810 and 9360 devices. The potential dangers of such an app exist not only for individual users, but for the carriers as well.

Despite Facebook’s privacy missteps, social engineering attacks, Kroll says, involve thieves using “clever tactics to coerce end users into disclosing sensitive information, downloading malware or both.” To prevent this type of cyberattack, as well as all the others, companies will have to become more vigilant when it comes to keeping track of their employees’ Internet activities and increase firewall and anti-spyware protection on company-issued devices.

Small- and medium-sized business owners have a lot to look forward to in 2012, but they have a lot to prepare for, too, according to IT consultant Kroll. As companies move more of their business operations to the Internet and the cloud, they give cyber criminals more opportunities to steal or corrupt important company data.