DataBreaches.Net

Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents

Posted on February 28, 2014 by Dissent

The California Attorney General’s Office has issued a report, Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents. Here’s the Executive Summary:

Executive Summary

Relatively small investments in cybersecurity preparedness can yield significant risk reductions. Every business in California should follow the steps summarized below, and discussed in greater length throughout this Guide, in order to reduce the chance they will be a victim of cybercrime. These measures, however, cannot guarantee that businesses will avoid cybersecurity incidents, and the Guide therefore contains recommendations for how to prepare an effective cybersecurity incident response plan.

1. Assume You’re a Target

Small size and relative anonymity no longer ensure that you will be left alone. Any company, whether big or small, can be the victim of cybercrime. Just as it has become second nature for most of us to lock our front doors when we leave the house, assume you are a potential target and take basic precautions to protect yourself and your company.

2. Lead by Example

Successful cybersecurity measures require the leadership and dedication of business owners. Cybersecurity is not simply the domain of the “IT person”; executive management has to get involved. Small business owners are uniquely positioned to ensure that they and their employees are following good cybersecurity practices. They are also in the best position to understand their company’s network and all the devices that connect to it. This requires dedicating the time and resources necessary to ensure the safety and security of their information assets.

3. Map and Encrypt Your Data

To effectively protect your data, you first need to know the types of data you have and the location of that data. Comprehensively review the data you have stored on your IT systems, both on site and off, and with third parties (include backup storage and cloud computing solutions in your data mapping project). Once you know what data you have and where it is, take a hard look and get rid of what you don’t really need.

4. Encrypt Your Data

Encrypt the data you need to keep. Encryption is an important step you can take to protect the data you have on your systems. In basic terms, encrypting data – whether it’s email, photographs, memos or any other type of electronically-stored information – encodes it so that those without the encryption keys cannot read it. Strong encryption technology is now commonly available for free, and it is easy to use. The great advantage to encrypting your data is that it renders it far less susceptible to hacking. Finally, machines that handle sensitive information like payroll or point of sale (POS) functions should ideally be on networks or systems separate from machines involved with routine services, like updating Facebook and checking email.

5. Bank Securely

It is essential that small business owners put security first when they engage in online banking. This means that online banking should only be performed using a secure browser connection (indicated by “https” and/or a lock visible in the address bar or in the lower right corner of your web browser window). Online banking sessions should be conducted in the private mode of your web browser and you should erase your web browser cache, temporary Internet files, cookies, and history afterwards so that if your system is compromised that information will not be accessible to cybercriminals. In addition, take advantage of the security options offered by your financial institution. Examples include using two-factor authentication to access your account, requiring two authorized individuals to sign off on every transfer of funds, and setting up account notifications by email or text message when certain higher-risk activities occur on your account.

Also, we recommend setting limits on wire transfers. Sophisticated transnational criminal organizations are now routinely hacking businesses’ computers and wiring large sums overseas where they cannot be recovered. To prevent this, set limits on the amount that can be wired from your accounts, and (depending on your business needs) consider asking your bank to require two executive team signatures before sending wire transfers overseas.

6. Defend Yourself

In choosing security solutions, guard against single points of failure in any specific technology or protection method. This should include the deployment of regularly updated firewalls, antivirus, and other internet security solutions that span all digital devices, from desktop computers, to smartphones, to tablets. Devices connected to your network should be secured by multiple layers of defensive technologies that include, but are not limited to, antivirus technology. Seek out comprehensive security solutions that approach security from multiple perspectives so that you are able to manage risk from the full spectrum of threats you may encounter. Useful capabilities include the ability to remotely locate or wipe a device that’s gone missing and the ability to identify and block never seen before attacks using technologies that analyze behavior and/or employ virtualization tools.

7. Educate Employees

Raise employees’ awareness about the risks of cyberthreats, mechanisms for mitigating the risk, and the value of your businesses’ intellectual property and data. Your employees are the first line of defense, and good security training and procedures can reduce the risk of accidental data loss and other insider risks.

8. Be Password Wise

Change any default username or passwords for computers, printers, routers, smartphones, or other devices. ANYTHING is better than the default. Specifically, you should use strong passwords and don’t let your Internet browser remember your passwords.

9. Operate Securely

Keep your systems secure by using layered security defenses and keeping all operating systems and software up to date. Don’t install software you did not specifically seek out and don’t download software from untrusted or unknown sources. Also remember to remove or uninstall software you are no longer using.

10. Plan for the Worst

Every small business should put together a disaster recovery plan so that when a Cyberincident happens, your resources are used wisely and efficiently. Pick an incident response team and assign a leader. Make sure the team includes a member of executive management. Define roles and responsibilities so that everyone is clear as to who is responsible for what should an incident arise. Communicate to everyone at your company who to contact if they suspect a Cyberincident has occurred (or is occurring). Gather and distribute after-hours contact information for your incident response team. Next, outline the basic steps of your incident response plan by establishing checklists and clear action items.

Read the full report online or download it in pdf version.

Category: Business Sector, Commentaries and Analyses
