By Gautham Nagesh - 05/16/11 04:51 PM EDT
Maurice Jones, chief executive officer of the Washington-area Parkinson Construction Co., described how his firm was compromised by a phishing attack that obtained login and password information for its bank accounts.
Jones said his firm later realized it was missing a significant amount of money from its accounts. By working with banks, Jones said his company was able to recoup some of the lost funds, but not all.
Still, he maintained that broadband access to the Web is vital for the company to remain competitive, since it cuts the number of administrative employees needed by almost half.
Former Secretary of Homeland Security Michael Chertoff said that while it is crucial to manage the amount of risk from cyber-attacks, no plan will completely eliminate the risk of an intrusion.
Chertoff said the only way to do that would be to abandon the network and the benefits it provides. Instead, he said small firms must strike a "realistic balance" depending on their individual concerns.
The commission released a tipsheet on Monday aimed at helping small businesses identify 10 easy steps they can take to reduce the risk of an attack. The steps include training employees in security principles, downloading and installing software updates, installing a firewall for Web connections and limiting the amount of physical and administrative access that employees have to the firm's computers.
Phyllis Schneck, public center chief technology officer for the security firm McAfee, highlighted securing physical access to network infrastructure as crucial, as some of the largest data breaches have been caused by USB flash drives containing malware. She also emphasized the importance of making users regularly change their network passwords.
Another White House announcement on an international plan of cooperation on cybersecurity issues is expected Monday afternoon. Genachowski said he will be participating, but declined to elaborate on details of the event.