Panda Security’s Latest Survey Shows Small Business Fails At Data Security

I’ve been working on an article for some time, investigation whether small business is up to the task of protecting your personal information; particularly your financial data (credit card, debit card, details), following a consumer transaction.

The background research has revealed a sobering reality – many small and medium sized businesses really suck at protecting their customers’ critical financial information.

So, when I had the opportunity to read Panda Security’s study (released yesterday), of security in SMBs (including 1,500 US SMBs), which showed that a startling percentage of US based SMBs just don’t get the security equation, I was not in the least bit surprised.

Look at these stats from the survey:

The infection ratio at U.S. companies has slightly increased since last year (46 percent in 2010 compared to 44 percent in 2009). It has dropped in Europe (49 percent in 2010 compared to 58 percent in 2009).

Viruses are the most popular threat SMBs are encountering (45 percent), followed by spyware (23 percent).

Thirty-six percent of US SMBs use free consumer security applications.

Unbelievably, 13 percent have no security in place!

Thirty-one percent of businesses are operating without anti-spam

Twenty three percent have no anti-spyware.

Fifteen percent have no firewall.

Participants: The survey consisted of companies with between 2 and 1,000 computers. 1,532 in the United States participated in the survey, and nearly 10,000 in total across the U.S., Europe, Latin America and North America.

The next time you use your credit/debit card at your local Butcher, Baker, or Candlestick Maker, consider carefully the risks involved. It might be prudent to inquire whether the business operates in a twenty first century security environment.

Yes, I know, you might see this as an overreaction – but it’s hardly that. Unless we, as consumers, force the issue, many SMBs will continue to operate with their heads up their in the cloud – unfortunately, not in the security cloud.

I’ll tell you a little secret – I never use my credit, or debit card, when transacting business with a small local merchant. It’s not the small monetary loss that concerns me, since the card issuer sets my liability limit at $50. Instead, it’s the more critical information that can be stolen and used in identity theft.

About Panda Security;

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world.

Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology.

For more information, visit Panda US.

A PDF version of the full report is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Cell Phone Fraud – Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI), and the U.S. National White Collar Crime Center, cell phone fraud attacks are on the rise.

Given the unsteady state of world economies, a near perfect opportunity has been created for cyber-crooks to take advantage of people’s fears, and the worries, created by the uncertainties surrounding this crisis. Not surprisingly, there has been a major increase in financial-themed phishing, vishing, and spam.

Yes, you’ve heard of phishing, but what’s this vishing you ask?

The IC³ (Internet Crime Complaint Center) describes vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account has been suspended, deactivated, or terminated.

In a common scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, cell phone text message, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they are greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email.

Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their Personally Identifiable Information by e-mail, mail, text message or instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

To reduce the chances of being victimized the following are minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting your Personally Identifiable Information as a scam

Never click on embedded email or cell phone links

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

Cell Phone Fraud – Protect Yourself from Vishing

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting your PII as a scam.

Never click on embedded email or cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

You can read more on this issue at the Internet Crime Complaint Center.

Internet/Cell Phone Fraud – Vishing, Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

• Consider every email, telephone call, or text message requesting your PII as a scam
• Never click on embedded email or cell phone links
• When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.