Click to learn more about author Samuel Bocetta.
When a major corporation or government website gets hacked, it’s front page news. All the TV talking heads discuss security in general, people panic, and sales of cyber security software goes up.
That’s good for developers and shareholders, but what about small and medium business owners?
The fact is, SMEs are hacked just as often as the big guys, and they may even be more at risk. Verizon commissioned a study, and they found that 61 percent of the victims of data breaches were small businesses.
For one thing, many smaller companies don’t have the funds to pay for security analysts or in-house IT. For another, a hack can drain what meager resources SMEs do have and diminish consumer confidence. In short, lack of security can bankrupt you.
Who wants to do business with a company that can’t keep their data safe, right?
Small and medium business owners may think that being a small fish makes them less attractive to hackers and ransomware holdups. But, criminals know that smaller businesses have fewer resources to dedicate to cyber security, and they’re more likely to pay up because they can’t afford the alternative. They’re also targeted in an effort to gain access to bigger companies they do business with.
Worrying about bolstering security after a hack or cyber attack is too little, too late. You can’t always depend on your web hosting service to handle security, either.
You need to be proactive and prevent a breech before it happens.
Here are seven cyber security tips that, when properly deployed, just might save your business from financial hardship or even bankruptcy:
1. Understand your risk.
A survey conducted by Towergate Insurance found that 82 percent of small business owners didn’t believe they were at high-risk for cyber attacks. Understand that spending money for tighter security goes beyond a simple business expense. It’s an investment in future financial viability and customer trust.
2. Keep your systems and software up to date.
New equipment is a luxury that you can’t afford, right? The problem is there’s a very good chance your business operations need more than the antiquated sophistication of your old Windows 7 computer.
If you can’t purchase or lease new hardware, make sure that what you do have is updated regularly. Business programs, apps, and anti-virus software are constantly upgraded with security patches in an effort to stay one step ahead of cyber criminals. Ensure that you work with reputable software vendors who provide access to the latest security protocols and solutions. You should also run a virus scan after each update.
3. Create a uniform security policy for your business.
When it comes to computer security, half-measures and gaps won’t do. You should sit down with a reputable cyber security consultant and devise a uniform plan for prevention and recovery. Most will provide an evaluation of your current security vulnerabilities and offer recommendations for a solution. Formalize all security measures and put them in print, along with the consequences for those who don’t follow them to the letter.
Never outsource your security entirely to another entity, though. Outsourcing some business functions is a time and money-saver, but security should be handled in-house as much as possible. This not only limits outside access to your data, it also reduces the number of possibilities if there is an attack from the inside.
4. Test your security measures.
It’s not enough to have security in place if it’s ineffective. Penetration testing allows you to check for vulnerabilities, and it should be performed each quarter. If your company is big enough to have an in-house IT team, or at least an IT specialist, turn this job over to them. Otherwise, there are steps that you can perform yourself, such as purchasing software that performs internal vulnerability testing.
5. Make sure that your employees are educated about security.
Your staff should be educated about your company security policy, and they should be trained in preventative security measures. You should also have an emergency response plan in place to deal with breaches, and perform periodic drills.
Education should extend to how to spot suspicious emails and attachments, how to create secure passwords, which should be changed every three months, and the importance of backing up data. Most phishing scams, hacks, and malware attacks enter through unsecured emails, inadequate passwords and security protocols, and simple carelessness.
Mobile devices are exceptionally vulnerable, especially with the rise of telecommuting and mobile work forces. If employees are allowed to bring and use their own mobile devices at work, limit access to sensitive data from these devices. It’s also a good practice to lock down in-house devices and not permit company devices to go home with staff members.
6. Be prepared for the possibility of ransomware attacks.
One of the biggest threats to businesses of any size is ransomware attacks. This is the practice of gaining access to a single device or network and locking authorized users out until they agree to pay for a key to regain access or prevent release of data. The first line of defense is to protect your systems from infiltration, and make sure that employees know how to avoid suspicious emails and attachments that could contain password sniffing software or keystroke counters.
7. Don’t forget about equipment disposal.
When you upgraded your hardware and peripherals, what did you do with the old system? Throwing a computer in the dumpster or even donating it to charity without completely removing the data is like tossing your bank or credit card statement in the trash with all of your information on it.
Deleting files isn’t enough. You can purchase software to wipe the information or use the data removal tools included with your software, but these don’t make information 100 percent unrecoverable. Some security experts claim that one pass is sufficient for overwriting data, but the standard government protocol for data erasure on their systems is three passes.
The Virtual Private Network (VPN) Advantage
If you have control over the company checkback – or the clout to twist the person’s arm who does – look into different VPNs for your business is a good use of time. This service works hand in hand with your ISP to not only encrypt your internet connection but mask your computer’s location by applying the IP address of the VPN server instead.
While a VPN doesn’t reduce the need to follow through with the security tips we just mentioned, it will offer more piece of mind that you’re taking all reasonable precautions to keep the bad guys out of your network.
The Bottom Line
WE probably don’t need to tell you nothing is foolproof. In addition to the seven tips just covered and a reliable VPN, there is one more important strategy to help you and your computer network stay ahead of a hacker’s best efforts.
We’re talking about education.
This is not to say you need to drop everything and get a degree in computer security. What we’re going to suggest is you make it a habit to follow a cybersecurity blog or news site so you are at least aware of the new viruses and malware as they emerge.
As the saying goes, forewarned is forearmed.