[BreachExchange] Protecting your Small Business from Cyber Attacks
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Nov 29 20:44:22 EST 2016
http://www.groundreport.com/protecting-small-business-cyber-attacks/
How many times have you used the sentence – It won’t happen to me? How many
times after you’ve used this sentence the exact thing you thought would
never happen was exactly what came to pass? It is safe to assume that we
should always be as prepared as possible for all the games that life can
play on us, and that means expecting the unexpected in all areas.
It is important to note that simply believing something bad won’t happen to
you isn’t any form of protection, which is why you should take things into
your own hands. This rule can and should be applied in all aspects of your
life, but is particularly valid when it comes to your business
expectations. True, we can never be prepared for every scenario, but there
are definitely things we can prevent from happening if we’re cautious
enough. Especially if you’re running a business of your own, it is
paramount to do all in your power to protect it, and unfortunately, one of
the biggest problems of aspiring small businesses is the lack of cyber
security.
Cybercriminals on average throw ten thousand threats a day to small
businesses all over the world, and the policy of “It won’t happen to me”
simply isn’t realistic anymore. You should dedicate time and money into
keeping your company out of malevolent reach of black-hat hackers, and it
is no longer a commodity, but a necessity. This is why we’ve decided to
discuss some of the foolproof ways to protect your business from
cyber-attacks, so that you can have some peace of mind while working on
improving and expanding your reach on the market.
Begin with your Staff
Running a small business allows you to handpick who will work with you and
know just how trustworthy each one of your employees is. This is your
starting point when it comes to cyber security – human error and how to
downsize it as much as possible.
Your staff should know as soon as they start their job what is the security
policy of your business. If you don’t have a security policy, by all means
create one as soon as possible, otherwise no one will know what to do in
case of a problem. Naturally, you want to surround yourself with people who
know how to do their job, but who are also willing to pay attention to the
protection of your company. After you’ve made sure that your employees are
loyal and without any malevolent intent to endanger your cyber security,
you can move on to educate them on what they should do if they spot unusual
activities or suspicious emails. We’ve already mentioned that you will need
both money and funds to do this, and the best way to get around it is to
hire an IT expert that will able to explain to your personnel (and to you)
what can and should be done to protect your business. This will discourage
any form of reckless and unsafe behavior among your employees and it will
give them strong guidance on how to behave in any unpleasant situation that
might arise.
Think Ahead
Being proactive is everything when it comes to internet protection, because
if you’re worried about your security only after it’s breached, you’re too
late. Not thinking about precautionary measures against illegal activities
that put your business at risk is practically allowing criminals to get
through your front door.
>From day one, you should consult IT advisors to tell you what needs to be
done to protect your confidential data safe. This will depend on what line
of business you’re in, as well as how much of it is conducted over
internet. It is safe to say that you will need basic protection in the form
of good antivirus software to start with. It would be wise to pay for a
good business plan that many antivirus providers offer and that will
protect all the devices of your offices against viruses and malware, and
will provide you with highly functioning firewall as well. In case you’re
not certain which safety program to choose, there are useful lists that
categorize top ranked antivirus software, so that you can find the one that
fits your needs more easily.
Aside from antivirus, be sure that your personnel have strong passwords for
any form of access they’re granted and let them know that those passwords
should remain known only to them. Speaking of access, you should limit it
as much as possible, so that only selected few can get to the most
confidential files. Another thing to always bear in mind is to update your
antivirus software, operating system of any app you’re frequently using as
soon as an update appears – that diminishes the possibilities of hackers to
use your missing to update against you.
Think about Getting Data Breach Insurance
Did you even know this kind of insurance exists? It might look like
reckless money spending, but seeing the speed at which cyber criminals
discover new ways to slither under our protection, getting insured against
data breach might not be the craziest idea.
The policy doesn’t have to cost much, but it can protect you from breaches
that are caused by either your employees or attacks from the outside and
compensations are usually worth the investment. What’s more, if push comes
to a shove and you end up in court, there are insurance companies that will
cover those expenses too. Security breach in a small business can still
cost a fortune, not to mention the loss of trust with your customers and
partners. One other thing worth mentioning is that hackers sometimes use
small companies as a stepping stone to get to the bigger, more influential
business owners and you don’t want to be in the middle of this messy
situation. These are some reasons why getting data breach insurance might
be a good idea on the long haul.
Monitor Your Business’ Computer System
This is probably one of the most useful actions you can take when it comes
to your cyber security. You should conduct regular checkups of your
business’ computers and devices to be sure whether something potentially
dangerous has found its way around your safeguards.
Having an experienced IT employee at hand will be of great help if you can
afford one. That person will be in charge of doing monthly tests in search
of security weak links and they will know exactly what the state of your
internet protection is. You need to be aware of your vulnerabilities so
that you can remove them as quickly and efficiently as possible, otherwise
you risk handing your entire business to cybercriminals. It is incredibly
easy for internet pests to stay under the radar even when you’ve got
high-quality programs and strong resources working against them, which is
why having someone who will monitor your business’ computer system and keep
everything under control could be of immense help.
BYOD Policy Needs To Be Clear
It’s safe to say that there is no way of stopping your employees from
bringing their own devices to work, unless you want to earn an image of a
tyrant. Besides, there are arguments that people can be more productive
when working from their own laptop or tablet (in case they’re not using it
to browse Facebook).You needs to have a clear BYOD policy (Bring Your Own
Device) and your staff need to be aware of it. Experienced hackers can use
unprotected personal devices of your employees to swim into your company’s
network, after which it will be a piece of cake to get their paws on
anything of value.
We strongly recommend setting up a separate Wi-Fi network for guest devices
that aren’t a part of office inventory, so that even when your employees
use their private device, they do so through a public network that can’t in
any way risk the security of your business network. Also, it would be a
good idea to help your personnel get a stronger sense of mobile security,
because their own security might be at risk, as well as of your business’
because criminals will first hack their technology and wreak havoc there
and then move on to the whole system.
Getting your business secured against cyber-attacks isn’t necessarily an
easy feat, but it is one you should take seriously nonetheless. Too much is
at stake when it comes to internet security and you want to do all in your
power to protect your company, your employees and yourself from dangers
that never stop coming.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161129/ad5bfa27/attachment.html>
More information about the BreachExchange
mailing list