10/24/2016 3:19:26 PM
Practical Strategies to Protect Your Business from Hackers
Many business owners don’t worry about being hacked; they feel that their company is too small for a cyber criminal to bother with them. But such complacency is ill founded and represents a substantial risk. Recently, the computer security software company Symantec released statistics showing that 52.4 percent of phishing attacks (cyber attacks directed via fake emails) were aimed at small and medium-sized businesses last year.
Because most big businesses are well protected, hackers often turn to smaller, more vulnerable prey. That’s why it’s wise to occasionally re-examine your digital security measures to make sure your business is safe from outside forces. You don’t need to spend a small fortune, either. There are a number of low-cost steps that any business owner can take to mitigate its risk:
Train your employees to be security-conscious. Whether you opt for professional training or not, you should be instilling a security-minded culture among your staff, says Sanjay Deo, CEO of 24by7 Security, Inc., a computer security service in Coral Gables, Florida.
That means everything from providing training to sending reminders in memos and notes, warning staff to not click on links within emails unless they are sure of the source, Deo says. He also says it’s important to make sure you’re not just protecting your company’s computers from hackers—you also want to be thinking about your personal devices and those of your employees. After all, many employees check work email on their phones. You or your staff may use a personal laptop for work.
“Human beings are still the weakest links in the end-to-end security process,” Deo warns.
If you don’t need your customers’ personal information, don’t keep it. While it’s handy to have your customers’ order history on file, as well as their contact information, do you really need to store their credit card information, including account numbers, expiration dates, and security codes? Retailers that engage in recurring billing will argue yes, but the PCI Security Standards Council, a payment card industry association, discourages storing that data. At the very least, if you’ve never reviewed your policy for collecting information on customers, it would be a prudent move. Many businesses keep a large amount of consumer information on file for data analytics and marketing intelligence purposes, and that can be a smart strategy, but a thief might still find this information valuable. And if you conclude in a review that you’re collecting data you don’t need, and stop certain practices, you may save time and lessen your risk of having information stolen.
Certainly, if you can avoid long-term storage of customers’ personal data without hurting your business model, you should. After all, thieves can’t steal what you don’t have.
Make sure your information is backed up. Everyone knows this is important, but not everyone does it, and it’s one of the best ways to avoid a hacker’s attack turning into a cataclysmic event
“Ensure that all your data on servers, laptops, desktops, and other devices are backed up daily,” Deo advises. “This prevents extensive loss in case of a ransomware attack, the frequency of which has been increasing a lot lately.”
Ransomware is a type of virus that allows a hacker to freeze your computer, phone, or another device so that you can’t do anything with it—until you pay a ransom to release them. The school district of Cloquet, Minnesota, had a ransomware attack on its computers earlier this year, with hackers demanding $6,000. The district was able to get through their problem by erasing the content and reinstalling software without paying the ransom. But plenty of businesses, hospitals, and other organizations don’t have the time or the resources to work around a hack.
Don’t let your company be “visually hacked.” You can end up being so worried about criminals coming through the computer screen to get you that you forget about the crooks offline.
Earlier this year, the industrial supplies manufacturer 3M, based in Maplewood, Minnesota, released findings from the 2016 Global Visual Hacking Experiment. Forty-six companies from the United States and seven other countries participated in 157 trials. The experiments determined that outsiders—they called them visual hackers—were able to observe, photograph, or steal sensitive materials from an employee’s desk 91 percent of the time.
Start having discussions with your management team or staff about the security of your building or work site. Even if you’re a solo practitioner, it’s a good idea to keep sensitive information out of sight and locked away when not in use. Look around your office or work area, and ask yourself who comes in and out, and if they could easily snap a few photos of your computer screen or the paperwork on your desk with their smartphone. Conducting this sort of review might show you that you’re more vulnerable than you believed.
In conclusion. Whatever you do to protect your business, whether through training, securely deleting customer information that’s no longer needed, backing up material, or shoring up unprotected data that could be easily accessed, make sure you do something. These preventative measures might be the key to keeping your digital door locked and the cyber crooks out.
“Small and medium-size businesses are targeted because it is often perceived that they may not have the resources to implement high-end security solutions,” Deo says.
In other words, don’t prove those criminals right.