[BreachExchange] How Can Small Businesses Prevent Cyber Attacks?

[Audrey McNeil]

http://tech.co/small-businesses-prevent-cyber-attacks-2016-05

Small business owners can become complacent when it comes to protecting
their businesses from security breaches. In 2015, a survey on information
security breaches carried out in the UK showed that 9 out of 10 large
organizations suffered some form of security breach. Small businesses,
however, are not exempt from these problems. In fact, because a lot of
small businesses have no countermeasures against cyber attacks, they’ve
become a prime target for hackers.

What a lot of people don’t realize is that it doesn’t take a PhD in
computer scienceto hack into an insecure computer network. With default
passwords like “password” or “admin,” just about anyone could break into a
computer filled with sensitive information — from the employees’ biodata
and payroll information to company secrets and product prototypes.

It’s always better to avoid the risk of security breaches, no matter how
small your company may be. With that said, here are seven things you can do
to protect your small business from cyber attacks.

Strong Passwords

Duh, right? Wrong. Companies around the world fail to recognize the
importance of regulating password protection. Most hacker tools only check
for common passwords and the most basic security measures can foil them.
Some hackers can use personal information, but as long as you keep it
complicated, you should be fine.

One of the best way to create secure passwords is to convert sentences to a
single word, e.g., from the sentence, “I made a new password that’s much
stronger” to “IManpTMS.” While it may be easy to remember for you, an
outside observer, or a hacker’s computer, would read it as gibberish.

Install a Firewall

While common sense is the best protection against viruses and malware, it
can’t protect you from unscrupulous hackers who desperately want to breach
your network. You need a good firewall and a set of malware tools that you
update as frequently as possible. Hundreds of services are available to
give you the protection you need and they won’t cost that much compared to
an information breach.

Train Your Employees

Phishing scams are a terribly effective and incredibly mean form of cyber
attacks. The attacker, via email or phone call, will attempt to extract
information from the user without their explicit knowledge. Hackers have
stolen Facebook passwords this way by sending emails purportedly from
Facebook, then leading the user to a fake site. When the user inputs his
username and password, the site redirects to the original Facebook, and the
user was none the wiser. This is just one of the many subtle forms of
phishing out there.

In order to avoid a security breach due to this issue, train your employees
to be cautious when reading and responding to emails, as well as checking
the URL of the sites they’re on. It could save everyone a lot of trouble.

Back-Up Information

While this seems fairly obvious, a shockingly large number of companies
have no backup plan when it comces to security breaches. Computers could
fail at any time and the last thing you want to do is scavenge for
pay-stubs and employee agreements when your company is falling apart.

A data breach could also mess up configuration files, applications and
other necessary systems within your company. With many enterprise-grade
cloud backup options now widely available for small businesses, backing up
becomes cost-effective and much easier to do.

Delegate Banking Tasks Separately

While giving unlimited company access to employees is an impressive showing
of transparency, it leaves you open to the most common purveyor of cyber
attacks: human error. If they have access to everything, so does a single
hacker that breached a single computer.

When one uses the computer to go on social media or surf the web, it
becomes easier for hackers to access the information on that computer.
Having computers dedicated solely to online financial transactions will not
only make it easier to keep track of banking transactions, but also limit
outsider access.

Encrypt Sensitive Information

Sensitive information should always be placed on an encrypted disk.
Encryption temporarily jumbles up information when stored so that hackers
can’t get into the company database. And if they do, the information they
steal will be a mess of jumbled symbols – perfectly unusable, especially
with a secure password.

A study done on Apple’s full disk encryption concluded that it would take
approximately 34 years to crack an Apple-encrypted device without using
Apple’s decryption technique. Unless necessary, never store sensitive
information in unencrypted hard drives, or even retain them in a web page.

Plan for the Worst

Even the most well-guarded systems can be cracked by veteran hackers. That
being said, it’s always a good idea to have a last line of defense in case
your company falls victim to cyber attacks and computer fraud. Disaster
recovery plans (DRP) are freely available on the Internet.

A plan of recovery in the case of a cyber attack can go a long way in
recovering lost data. There are even insurance policies that cover any
losses from cyber attacks and computer fraud, so while that may set you
back a couple of hundred dollars a year, it’s much better than picking the
remains of your company off the floor of a hacked computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160523/7d50e38c/attachment.html>