May 20, 2016
Small business owners can become complacent when it comes to protecting their businesses from security breaches. In 2015, a survey on information security breaches carried out in the UK showed that 9 out of 10 large organizations suffered some form of security breach. Small businesses, however, are not exempt from these problems. In fact, because a lot of small businesses have no countermeasures against cyber attacks, they’ve become a prime target for hackers.
What a lot of people don’t realize is that it doesn’t take a PhD in computer science to hack into an insecure computer network. With default passwords like “password” or “admin,” just about anyone could break into a computer filled with sensitive information — from the employees’ biodata and payroll information to company secrets and product prototypes.
It’s always better to avoid the risk of security breaches, no matter how small your company may be. With that said, here are seven things you can do to protect your small business from cyber attacks.
Duh, right? Wrong. Companies around the world fail to recognize the importance of regulating password protection. Most hacker tools only check for common passwords and the most basic security measures can foil them. Some hackers can use personal information, but as long as you keep it complicated, you should be fine.
One of the best way to create secure passwords is to convert sentences to a single word, e.g., from the sentence, “I made a new password that’s much stronger” to “IManpTMS.” While it may be easy to remember for you, an outside observer, or a hacker’s computer, would read it as gibberish.
Install a Firewall
While common sense is the best protection against viruses and malware, it can’t protect you from unscrupulous hackers who desperately want to breach your network. You need a good firewall and a set of malware tools that you update as frequently as possible. Hundreds of services are available to give you the protection you need and they won’t cost that much compared to an information breach.
Train Your Employees
Phishing scams are a terribly effective and incredibly mean form of cyber attacks. The attacker, via email or phone call, will attempt to extract information from the user without their explicit knowledge. Hackers have stolen Facebook passwords this way by sending emails purportedly from Facebook, then leading the user to a fake site. When the user inputs his username and password, the site redirects to the original Facebook, and the user was none the wiser. This is just one of the many subtle forms of phishing out there.
In order to avoid a security breach due to this issue, train your employees to be cautious when reading and responding to emails, as well as checking the URL of the sites they’re on. It could save everyone a lot of trouble.
While this seems fairly obvious, a shockingly large number of companies have no backup plan when it comces to security breaches. Computers could fail at any time and the last thing you want to do is scavenge for pay-stubs and employee agreements when your company is falling apart.
A data breach could also mess up configuration files, applications and other necessary systems within your company. With many enterprise-grade cloud backup options now widely available for small businesses, backing up becomes cost-effective and much easier to do.
Delegate Banking Tasks Separately
While giving unlimited company access to employees is an impressive showing of transparency, it leaves you open to the most common purveyor of cyber attacks: human error. If they have access to everything, so does a single hacker that breached a single computer.
When one uses the computer to go on social media or surf the web, it becomes easier for hackers to access the information on that computer. Having computers dedicated solely to online financial transactions will not only make it easier to keep track of banking transactions, but also limit outsider access.
Encrypt Sensitive Information
Sensitive information should always be placed on an encrypted disk. Encryption temporarily jumbles up information when stored so that hackers can’t get into the company database. And if they do, the information they steal will be a mess of jumbled symbols – perfectly unusable, especially with a secure password.
A study done on Apple’s full disk encryption concluded that it would take approximately 34 years to crack an Apple-encrypted device without using Apple’s decryption technique. Unless necessary, never store sensitive information in unencrypted hard drives, or even retain them in a web page.
Plan for the Worst
Even the most well-guarded systems can be cracked by veteran hackers. That being said, it’s always a good idea to have a last line of defense in case your company falls victim to cyber attacks and computer fraud. Disaster recovery plans (DRP) are freely available on the Internet.
A plan of recovery in the case of a cyber attack can go a long way in recovering lost data. There are even insurance policies that cover any losses from cyber attacks and computer fraud, so while that may set you back a couple of hundred dollars a year, it’s much better than picking the remains of your company off the floor of a hacked computer.
Photo: Flickr / Perspecsys Photos
Did you like this article?
Get more delivered to your inbox just like it!