The latest hacker victim is daily deal site LivingSocial, which put more than 50 million customers’ data at risk.  These types of attacks give hackers access to not only customers’ credit card information, but also any personal information stored in databases, such as home address, phone number and email.

These hacks are continuing at an alarming rate and unfortunately, small- and medium-sized businesses (SMBs) are valuable targets for cybercriminals. Hackers count on companies who underestimate their exposure, and more than 75 percent of data breaches in 2011 targeted SMBs. With limited budgets, time and resources, SMBs often tend to overlook the importance of a well-rounded security solution. This puts SMBs at greater risk for an attack.

Now more than ever, SMBs should also be aware of the potentially damaging implications of such hacks. LivingSocial is a prime example. Since SMBs are increasingly looking for new channels to market their goods and services, daily deal sites such as LivingSocial are attractive services since they offer a platform to reach a broader customer base. Unfortunately, these new channels also come with potential risks that can leave SMBs vulnerable. SMBs should think of these daily deal sites as another service provider or another database that they need to secure.

To protect themselves, their business and their customers, SMBs need to enact additional security protocols. Specifically, SMBs should:

1. Ensure any discount outlets they use implement full encryption across all aspects of their customer data

2. Confirm they do not store credit card information in the same database as customer data
3. Verify that discount outlets and digital channels digitally shred customer data once the transaction is completed
4. Require all employees to use their business systems passwords for work purposes ONLY. Employees should not use their work emails or passwords to register on sites such as LivingSocial. Doing so exposes the business to vulnerabilities from hackers who can gain access to sensitive business information from within

With SMBs making up 99.7% of all employer firms, it is important that both the private sector and government find ways to help small businesses stay protected. SMBs have become ideal targets for cyber criminals because they store a lot of customer information, possess valuable intellectual property and have budget constraints.

As small businesses adapt to the latest technologies they should also be cautious of potential threats, especially when it comes to the adoption of mobile devices and cloud services. With their sights set on getting the most out of their security budgets, SMBs often lose sight of the importance of a well-rounded security solution.  However, their business, intellectual property and customer data need to be protected as much as that in any large organization.  The focus now is on how information technology helps SMBs protect themselves against potential threats.

What are the growing trends SMBs should look out for?

1. Mobile Device Security

The mobile device has become much more than a device used for communication, it has become a way for people to conduct, manage and support their businesses. By the end of 2013 the number of mobile-connected devices is expected to exceed the world’s population, according to the Cisco Visual Networking Index.

With SMB owners trying to be cost effective, this means more and more employees bringing their own devices (BYOD) to conduct their day to day business. What does this mean for SMBs? With the number of mobile malware exponentially increasing every day, there is more opportunity for cyber criminals to prey on those unprotected devices. This leaves SMBs struggling to maintain security and control over a wide spectrum of devices that their employees use for work.

2. Migration to the Cloud

Another IT trend that serves SMBs particularly well is the migration to the cloud. SMBs can find real efficiencies in outsourcing their IT and communications systems to the cloud. They can reduce costs, improve offerings, eliminate complexity and have less need for on-site IT staff. These are great objectives – as long as security is not sacrificed.

The problem lies within the services that the cloud providers offer. Most do not offer a forensic capability as part of their base offering. This means that if a company’s data stored in the cloud is breached, it will cost the company more time and resources that law enforcement or a security firm use   to trace and remediate the breach.

As the adoption of mobile devices and cloud storage continues to be a trend so will the importance of security. There are several recommendations for SMBs to better protect themselves from cybercrime.

3. Solutions

Security must first become top of mind with SMBs and not just when a breach happens. All companies large to small should implement integrated and connected security system with real-time situational awareness of threats. This means that all phones, laptops, desktops and servers must be connected to allow networks over time to recognize threats before they can overtake the network functionality.

Mobile devices can pose more of a danger than the traditional PC, as they sport location information, are easily stolen, and often contain personal information of not only the owner but hundreds of friends, family and contacts.  These fun, convenient little devices are very vulnerable. Small business owners can take the following precautions to make sure their employees’ devices are secure:

• Educate employees on their role in protecting the organization, its data and brand against theft, loss or malicious use
• Use complex, alpha-numeric passwords
• Have policy controls over memory card usage and encrypt data
• Protect against Trojans with black listing and whitelisting applications
• Install firewall on the mobile device to restrict inbound connections and prevent use of the mobile device as a bridge

When it comes to cloud storage SMBs should make sure their providers offer certain protections even if it is through a third party provider. Also before putting anything into the cloud, make sure the value and sensitivity of the data is understood. Only after there is a complete inventory of the data should SMBs move it over to the cloud.

Not only is it important to make sure that you know what data is going into the cloud it’s equally important that all channels of traffic (email, web and authentication) that move data to and from the cloud are secure.

There is only so much an SMB can do on its own, which is why both the private sector and government need to lend a helping hand. By providing security for not only mobile and cloud platforms the security and IT industries need to keep their focus on innovation. Government can help by  enabling initiatives that will facilitate the sharing of cyber intelligence to the private sector.  This enables smaller companies to access the intelligence (mathematical indicators of threat behavior) protection mechanisms that to date are limited to larger organizations with security budget.  In return, that same intelligence set that can now attach to smaller businesses because the facilitated information sharing can now add to the knowledge that is used to protect the larger businesses,  TO borrow a word from the Department of Homeland Security, this creates an ecosystem, constantly changing and adapting to new threats.

Small and medium businesses comprise most of our network ecosystem, and often harbor intellectual property and personal information just as larger businesses do.  We need to include them in the network intelligence at low or no cost, to help them help us protect our future.

In soccer, both teams prepare for competition by practicing and implementing a game plan around how best to attack and defend against the opposition. This is similar to what SMBs need to do to protect themselves from cybercriminals that are trying to infiltrate their network.

Training and Practice:

• Before any team takes the field, they need to create and learn a playbook of offensive and defensive strategies and must put in the time to train and practice in order to succeed in the game.
• For SMBs, their playbook is a company security strategy and the training of their employees in security awareness. From mobile devices to computers, it is important for SMBs and employees alike to understand current cyber threats, what they can do to stay safe and what security products to employ to protect devices and their use. SMBs practice by bringing up security awareness with their employees regularly and providing annual security training.

Making sure all players are protected with the right equipment and have the right set of skills:

• No coach would let their players onto the field without the proper safety equipment, understanding the rules of the game and physical training. For soccer, this means wearing the proper protective gear, like shin guards, and teaching your players the basic passing and dribbling skills. In the security world, it is no different. SMBs need to make sure all devices, servers, web and email are protected with the appropriate security solution.

Building strong team morale:

• The more your players think like a team, the more they will play like a team. For SMB owners, they must coach their employees in the basics of good cyber hygiene i.e., using strong passwords to make sure their “team” is safe from attacks. The stronger the password, the stronger the defense.

Now that SMBs have practiced “security drills,” they are ready to face their opponents (the cybercriminals) on the “cyber” field. SMBs must be ready to defend against incoming attackers and protect their goal (customer and business data) with a multi-layered approach.

The cybercriminals will first have to get through the SMB offense – their web security solution. Web security protects employees when they are online, warning them about which sites to avoid and if they are at risk. Next, the cybercriminals will be challenged by the SMB defense- their email security solution. This defensive line will block any phishing scams or malware trying to break through. In soccer, the last line of defense is the goalie. Without the goalie the goal is left unprotected. SMBs need to ensure that every device that touches business data or the network is protected with endpoint security.

In the World Cup of business, before your team steps onto the field, ensure you have invested in pre-game preparation to keep cybercriminals from scoring the winning goal.

The word ‘cyber’ automatically gets associated as being large scale, maybe involving nation states, and most definitely large corporations. Cybercrime, despite the prefix, is still just crime.

A small business wouldn’t think twice about putting a lock on their safes, buildings and minding who has access to the cash register. Protecting small businesses from cybercrime will take adjusting these fundamental concepts to today’s environment where the criminal element is global, faster, and now digitized. Cybercriminals may not even know that they are exploiting a small business because their automated scripts and/or underground purchased lists will find the sites, networks or servers that are vulnerable. Those not aware of these risks or are slow to take appropriate actions will succumb just by the sheer volume and velocity of cyberattacks. Yes, it is time to sound the alarm.

Smaller businesses are more likely due to cost constraints to allow employees to bring their own devices (BYOD) of smartphones and laptops for use for work.  They frequently use services through the cloud like file storage, document processing, customer relationship management, social media for marketing and don’t forget email. These are the now the fundamentals for business and create unique exposures. However, there is help for small business owners to combat the growing cybercrime threat. They can also utilize cloud services for critical security management that can automate and utilize experts who will ensure the devices, servers and email are protected.

The commoditization of IT helps small businesses compete and support their entrepreneurial efforts. Cost-conscious businesses should take a proactive approach and consider IT security as an investment that’s as critical as accountants to their business. The five steps to building a stronger SMB infographic takes a look at how to provide protections for today’s landscape to prevent crime casualties. Whether you feel comfortable with cyber in your vocabulary, cyber threats are real and cybercrime is growing. Learn more about the solutions that can protect your business.

Unfortunately, SMBs are in fact a valuable target for cybercriminals. Hackers count on companies who underestimate their exposure, and more than 75% of data breaches in 2011 targeted small and medium-sized businesses. In addition, the downtime from a cyber attack can be devastating for a small organization, much more so than for large, more established enterprises – with costs ranging from business downtime to lost data, compromised customer records, regulatory fines, and more.

SMBs need to take a closer look at their security measures, keeping in mind that a proactive approach is always better than a reactive one. Here are 5 key steps to help build up the security at your business to make it as difficult as possible for the bad guys:

Across the globe, SMB owners have been securing their networks in a variety of ways.  However, most SMB owners using connected office equipment still do not grasp the severity of deploying unprotected devices, and those that do, struggle to implement secure practice for all devices.

The most overlooked office devices that are not typically connected to broader security strategies include copiers, printers, fax machines and multi-function printers (MFPs). In a recent Xerox-McAfee study, it was revealed that 50 perfect of employees whose workplace has a printer, copier or MFP say they’ve copied, scanned or printed confidential information at work. Where does that data go once the job is completed? Where does it go when a copier or printer is recycled or resold? Sensitive employee and company data can fall into the hands of cybercriminals.

Most employee’s think their computers pose the biggest security threat to their company’s network compared to other IT devices, while only 6 percent say it is MFPs. This small percentage is proof that employees simply do not realize their office MFPs really are networked devices that are vulnerable to hacks just like their PCs. Combine these stats with the fact that the average organizational cost of a data breach is $5.5 million and you have a pretty strong argument for taking this warning seriously.[1]

And, what exactly are the repercussions from such a breach? The severity of such breaches range from financial losses to legal consequences to brand reputation damage. With security threats on the rise, SMBs have a growing desire to secure and manage their connected devices.

McAfee recommends that SMBs take these simple steps to protect themselves from being easy targets for cybercriminals:

• Do Your Research: Take the time to research possible threats to all of your vulnerable devices including printers, computers and mobile devices. Do not trick yourself into thinking that cybercriminals only go after the big companies. Look into security products that can help you protect your growing business
• Find Comprehensive, Scalable, Effective Solutions: These allow you to conduct your business under an umbrella of layered protection—covering all attack routes, adjusting automatically as your business grows and maintaining up-to-the-minute technological currency
• Invest in a Cloud-Based SaaS Security:  A complete security framework contains firewall protection to protect against hackers; email security to protect against phishing and viruses; regulatory compliance libraries and encryption to identify and secure sensitive data; email continuity to ensure always-on email service; and web filtering to protect against spyware, malware and the abuse of web privileges

To read or download the full Xerox-McAfee study, click here http://www.mcafee.com/us/resources/case-studies/cs-xerox.pdf

For more information on SMB security solutions, click here http://www.mcafee.com/us/small-business/smb-security-solutions.aspx

I have been travelling regularly talking to partners across EMEA and one thing I am hearing over and over is how do I do more business with SMB’s?  With approximately 50 million new small to medium businesses starting globally each year—which is more than 125,000 per day—is it any wonder why McAfee Partners want to know how we can make them more successful within one of the fastest growing markets in the IT industry?

Millions of SMBs are in search of a trusted security advisor representing tremendous growth for McAfee and our partners. From SaaS to on-premises suites covering email, web endpoint and mobility, McAfee can provide the right SMB security solution for every customer need. Additionally, McAfee provides everything you need to make money quickly with SMB customers; rich margins on SaaS solutions for SMBs, deal request approval in hours, a full range of go-to-market materials to support your marketing efforts, and cash prizes given through the McAfee Rewards SMB Extravaganza.

According to a recent SMB study, global IT spending by SMBs was up 15% year-over-year in Q1 2012. Combine this with the fact that most SMBs lack the IT staff to adequately protect themselves from today’s sophisticated cyber attacks and you start to understand why McAfee has strategically invested in protecting the SMB market with:

• The industry’s broadest SMB security portfolio: we recently updated our dedicated SMB TSA, TSB and STP SaaS products with new features
• Incentives to fuel SMB sales: we doubled our McAfee Rewards payout to partners offering $2 per node on our TSA, TSB and STP products
• Training focused on going after the SMB market: we recently launched a new video-based partner enablement platform on the PARC called SMB TV

We aren’t talking about our plans to go after the SMB market, we are going after the SMB market and together with our partners and we are delivering results. Here are just a few recent SMB highlights:

• We saw a 45+% Q/Q increase in SMB deals registered
• 70% of our SMB registered deals were approved in less than 30-minutes
• Our Partner Acceleration Resource Center (PARC) surpassed the 30,000 unique visitor milestone and more importantly 2/3 of the PARC visitors are returning
• We more than doubled our McAfee Rewards per node payout on select SMB products, the result, partner claims on these products tripled Q/Q

The great thing about McAfee’s SMB go-to-market strategy is that it is 100% partner-led, which means if you don’t succeed we don’t succeed. And, if you are interested in learning more about becoming a McAfee partner to boost your SMB profitability go to: http://www.mcafeepartners.com/parc.nsf/html/SMB+Specialization+Program

According to a recent SMB study, global IT spending by SMBs was up 15% year-over-year in Q1 2012. Combine this with the fact that most SMBs lack the IT staff to adequately protect themselves from today’s sophisticated cyber attacks and you start to understand why McAfee has strategically invested in protecting the SMB market with:

• The industry’s broadest SMB security portfolio: we recently updated our dedicated SMB TSA, TSB and STP SaaS products with new features
• Incentives to fuel SMB sales: we doubled our McAfee Rewards payout to partners offering $2 per node on our TSA, TSB and STP products
• Training focused on going after the SMB market: we recently launched a new video-based partner enablement platform on the PARC called SMB TV
• Marketing resources to drive SMB demand: in June we are re-launching SMARTmarketing, an e-commerce marketing portal that provides partners, quick and easy access to the right SMB marketing tools, resources and advice

 We aren’t talking about our plans to go after the SMB market, we are going after the SMB market and together with you, our partners, we are delivering results. Here are just a few Q1 2012 SMB highlights:

• We surpassed the 2,000 SMB Specialized partners milestone
• We saw a 45+% Q/Q increase in SMB deals registered
• 70% of our SMB registered deals were approved in less than 30-minutes
• Our Partner Acceleration Resource Center (PARC) surpassed the 30,000 unique visitor milestone and more importantly 2/3 of the PARC visitors are returning
• We more than doubled our McAfee Rewards per node payout on select SMB products, the result, partner claims on these products tripled Q/Q

The great thing about McAfee’s SMB go-to-market strategy is that it is 100% partner-led, which means if you don’t succeed we don’t succeed. So let us know how we are doing by commenting on this blog. And, if you are interested in learning more about becoming a McAfee partner to boost your SMB profitability go to: http://www.mcafeepartners.com/parc.nsf/html/SMB+Specialization+Program

 The fact is that cybercriminals are now focusing their attention on small and mid-sized businesses (SMBs) because they are typically easier targets than large, multinational corporations.  They know you don’t have time to deal with security, so they are betting you didn’t get that far down on your “to do” list.  Plus they are hoping you weren’t smart enough to call an expert consultant or partner to handle it for you.  SMBs become an easy target with valuable data because many of you deliver services and products to larger companies and governments, so it’s likely you have some of their data as well. 

With the rapid growth of viruses, phishing scams, and high-profile data breaches you must take proactive steps to protect your business in order to stay ahead of the bad guys.  How much security you need depends on the size and nature of your business.  And how you manage it depends on whether you prefer to lease or buy, managing it on-premises with your own IT staff or outsourcing it to a service provider with IT expertise.  

Cloud-based security offerings are perfect for growing businesses.  By effectively “leasing” your security solutions from a service provider, you won’t ever pay for more than what you need, can scale your security needs as your business expands and seasonally contracts, can access world-class security in a cost-effective way, and can focus your internal resources where you want them – on driving new projects that grow your business.

From a hacker perspective, there are only two kinds of businesses – those that have been breached and those that are about to be.  If you’ve been breached or a victim of fraud, chances are you have rethought your assumptions about what security solutions to buy, and how to implement, maintain and manage them.  If you haven’t been a victim yet, now is your chance to be proactive and prevent it. 

Your existing security requirement may be to sustain and/or enhance protection against malware, spyware, spam, and a myriad of other intrusions and vulnerabilities. Your business requirements however are focused on efficiency, performance, and seamless protection, with less time, effort and investment on your part.  You can get the best of both worlds with a cloud-based solution that can grow with your business and provide the security you need without the management headaches that often accompany a major IT project.  And if you want to try out some options, check out the 30-day free trials of McAfee’s Suites (from SaaS to on-premises suites covering email, Web, desktops, devices, and mobility) to protect your most valuable asset – your data.

Protecting Your Small Business.  I spoke with the Committee about the issues small businesses face in combating cyber security threats. Based on McAfee’s perspective and insights, I provided recommendations that small businesses can take to protect themselves from cyberattacks and offered policy recommendations to support the small business community and improve public/private sector information sharing.

Small businesses can face the same cyber security risk as larger entities, yet they often cannot afford dedicated security staff, training, or comprehensive solutions.  Government can play a great role in protecting small businesses that comprise the majority of our corporate community, by subsidizing security products and services based on solid risk assessments, and incentivizing (e,g, through tax incentives or insurance) solid cyber investment.

Small businesses are the backbone of our economy. Having generated 65 percent of new jobs over the past 17 years, small businesses play a critical role in the nation’s economy.  According to the SmallBusiness Administration (SBA), small businesses represent 99.7 percent of all employer firms and also hire 43 percent of all high tech workers and produce 16.5 times more patents per employee than large patenting firms.

Public-Private partnerships are crucial for small businesses to engage with government and private sector entities with larger resources to exchange intelligence and best practices.

Further, because small businesses comprise the majority of our corporate population, larger entities benefit as well from the collective cybersecurity intelligence across small businesses.

Small businesses have a great wealth of information and it’s critical that the data remains secure. However, small businesses lack the funds to employ a dedicated security team or purchase enterprise security solutions, and thus, protecting these establishments is an ever growing important issue.

It is critical that small businesses take the necessary steps to protect themselves from cyber attacks. Here are a few recommendations:

*         Early adoption of three new security and industry trends-Software-as-a-Service (SaaS), managed security services, and dedicated security appliances

*         Minimize the amount of sensitive information retained in the organization

*         Practice risk management first

*         Buy the appropriate level of security

As Congress and the public/private sector continue to build upon the strides already made in addressing the cybersecurity challenges, we can successfully evolve ongoing efforts to protect our nation’s critical infrastructure from sophisticated cyber attacks.

We are only as strong as our weakest link, and we need incentives and subsidies for good cyber security for small business!

McAfee International Limited is registered in England and Wales with its registered address at 100 New Bridge Street, London, Company No. 02825890