GO
Loading...

Cybersecurity: Are You Protected From Your Own Employees?

Bjdlzx | Stockbyte | Getty Images

The president has issued an executive order to address the growing concern of America's cybersecurity.

In the last year alone, there were more than 314,000 internet crime complaints submitted to the FBI with each data breach costing American businesses an average of $636 in recovery and prevention costs.

While the president calls for tougher programs to help assist in the prevention of such attacks to our digital infrastructure, there are many concerns that need to be addressed.

(Read More: Cybersecurity: CEOs Are Fighting Back)

The principal concern deals with the costs associated with protecting small businesses. Given the fact that there are 34 million small businesses in the United States (according to the U.S. Small Business Administration), many lack the sufficient resources to add these additional layers of security. The president's "voluntary" program fails to address any sort of financial assistance or incentives for businesses to comply. The cost of protecting a company's digital infrastructure can be very high depending on the amount of data that the firm manages.

(Read More: How to Defend Against a Cyberattack)

According to research by Veracode, a leading application risk management firm, 72 percent of the known hacker breaches in 2011 impacted businesses with less than 100 employees. Furthermore, 50 percent of these small businesses felt they were too small to be targeted by cyber-crime.

Cybersecurity starts in-house.

Far too often, businesses fail to take basic steps to protect their digital infrastructure. In fact, the majority of data breaches derive from disgruntled employees with access to critical data. Far too often, they steal their own company's data and sell this information for lucrative amounts to professional cyber-thieves.

Simple steps, including protecting who has access to mainframes and company servers, can help protect and reduce the amount of cyberattacks.

(Read More: Why Companies Keep Quiet About Cyberattacks)

In the same research by Veracode, 61 percent of small businesses do not have antivirus protection on all of their in-house computers and 77 percent do not have an in-house Internet security policy.

Clearly, we notice a lack of basic security and employee training in the workplace that would help employees identify certain email messages that lure employees in to data breech opportunities. For example, we often see the email that is sent to our employees inviting them to register for a new product that includes a harmful link in the message.

Training programs that aim to keep our employees up-to-date with trends in dangerous messages can help prevent some of the attacks. Other in-house considerations, including maintaining sophisticated anti-virus and spamware applications, need to be addressed as well.

The concern, however, is finding the parallel between meeting the rising demand to protect a businesses' digital infrastructure and the costs associated with protecting it.

While the president has acknowledged that "information warfare" is a serious danger, the voluntary adoption plan still lacks clarity in how small businesses will be incentivized to participate in the executive order. Over the next few months, there must be additional details for how our 23 million small businesses can participate in the new "cybersecurity framework," including an emphasis on incentives for the plan.

Businesses continue the ongoing battle with rising operational and labor costs, and must start devoting resources to protecting their cybersecurity. The president is taking the right course by attacking this head-on, however, he needs to clarify the framework and consider offering incentives to participating firms.

(Read More: 10 Ways Companies Get Hacked)

Kenneth Wisnefski is a serial web entrepreneur and founder/CEO of WebiMax, a digital marketing firm based in Mt. Laurel, N.J. Mr. Wisnefski is an expert source in entrepreneurship, small business, online marketing and online security.

Featured

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," "Today" and on MSNBC.

  • Co-anchor of CNBC's "Squawk on the Street," David Faber also is a co-producer of CNBC's original documentaries.

  • Eamon Javers is a reporter based at CNBC's Washington, D.C. bureau, appearing on business day programming and contributes to CNBC.com.

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained