Cyber-security has always been important, but following the growing stream of large-scale attacks in the past year there’s never been more urgency around the topic than now. In late 2013 Target got hit with what was then the biggest retail hack in U.S. history. And then last fall Home Depot succumbed to an epic attack that compromised 56 million credit cards. Finally, at the end of 2014 cyber-criminals attacked Sony Pictures. All of these debacles further highlight the increasingly brash and bold nature of this dark industry. What we’ve learned is that no organization, company, or entity is invincible against cyber-attacks.
Unfortunately, cyber-attacks will only get more sophisticated in the years ahead. As technology continues to scale up, cyber-criminals will get more brazen and underhanded. If companies like Target, Home Depot, or Sony Pictures are vulnerable to such attacks, then small businesses have to seriously weigh the risks of culprits penetrating their sites.
To compensate and counter-act the threat of a crippling attack, it’s critical that small businesses take preventative measures to make their infrastructure cyber-strong. Embracing best practices for cyber-security within your organization will go a long ways to preventing the financial loss, brand damage, and other problems that accrue from a cyber-attack. Let’s walk through 10 security strategies that every small business today really needs to adopt in order to keep cyber-strong.
1. Create a cyber-security culture
It’s easy to assume that IT has cyber-security all under control. Getting serious about cyber-security is really a cultural mindshift that has to become pervasive across the organization. One article puts it this way: “a cybersecurity culture is when everyone in the organization understands the need to keep networks and data secure, and they play an active role in that understanding. It’s an environment in which employees are trained and continually updated on security procedures, not to mention made aware by their managers of which activities are safe and which activities put sensitive data at risk.” Much of this begins with education. Training your employees is the best approach for improving security awareness and effectiveness. Sponsoring events and periodic reviews to encourage and enforce the importance of password protection and adoption of security policies will go a long way towards protecting the organization’s assets.
2. Test your infrastructure
It’s a good idea to start with a macro-level review of your security system. This is known as a penetration test and seeks to actively exploit vulnerabilities in your company’s infrastructure to determine the real-world effectiveness of current security protocols against skilled hackers. Experienced service providers such as Redspin can help organizations protect critical data, maintain compliance, and reduce overall risk. It’s better to start with a friendly consultant trying to hack into your system than finding out the hard way that you’ve been breached.
3. Regularly update anti-virus software
While budgets are tight the risks of not having your network secured with the appropriate firewall and business class anti-virus technology far outweigh the costs. Ensure that your software is updated with the latest patches and that all mobile and desktop applications, email programs, and browsers are covered.
4. Require stronger passwords
Make sure that all employee accounts are protected with strong passwords and limit administrator privileges only to employees that absolutely need this access. Require passwords that are long and contain many numbers and symbols as this helps protect against the likelihood of unwanted access to proprietary assets.
5. Secure your browser
Web browsers are one of the biggest points of security vulnerability. Malware frequently hitches to ads and other unreliable downloads and can inject viruses into your computer, putting your data at risk. Ensure that you only transmit personal information over a secure connection and always use an HTTPS connection when accessing the internet from a device with company information.
6. Change router default security settings
Router manufacturers often use the same default login information such as “admin” or “password” or some simple word. Since these are known to hackers, it’s important to change the default settings immediately upon setup.
7. Frequently backup your critical data
This should seem self-evident but it bears repeating. Set your system to automatically backup all important data such as financial records, legal information, customer account information, and proprietary databases.
8. Guard against phishing attacks
A common means hackers use to capture private data is through spam or fake emails that purport to be from legitimate corporations, banks, or other institutions. Never click hyperlinks in suspicious or unverified emails, especially ones requesting information or payments. Keep in mind that legitimate institutions that offer payment options will always have HTTPS websites equipped with SSL protection. Implementing desktop and network firewalls and anti-spam email software also will reduce the likelihood of these kinds of attacks.
9. Develop a cyber-security emergency plan
In the event of a breach, have a plan in place to identify and close the vulnerability, work with third-party security experts, and provide transparent updates to partners and customers.
10. Adopt a personal encrypted VPN service
VPN was once the luxury of big enterprise businesses, but now there are many personal VPN vendors such as WiTopia and StrongVPN that cater to small businesses and which run as little as $10 a month. The advantage of a personal VPN is that it provides a layer of encryption at the router level that protects all the network traffic entering or leaving your computer. This extra protection makes it very difficult for hackers to break through and steal information.