[BreachExchange] 9 Methods for Locking Down Your Small Business Network

Inga Goddijn inga at riskbasedsecurity.com
Wed Sep 28 17:55:03 EDT 2016


http://www.smallbizdaily.com/9-ways-avoid-cyber-attacks/

Cyber attacks are on the rise, especially in countries that have been
identified as ideal targets due to the amount of financial information
businesses in those countries store. The UK, Japan, and the U.S. are among
the most commonly targeted countries because hackers can steal a large
amount of financial information and make a lot of money by attacking
businesses. Even small businesses are often targeted. In fact, small
businesses are often the first targets because cyber terrorists assume they
do not have much security in place. If you want to protect yourself from
these cyber attacks, here are nine useful methods you should employ.

*1. Bring in an Expert*

Having a security expert on your staff or under contract is the first thing
you should do. Having someone who not only understands cyber security but
also focuses on security as their job will help prepare your business for
one of these attacks. These security consultants will test your system by
trying to hack it. Once they have found your weak points, they will help
you improve your security in those areas. They will also keep up with the
latest hacking methods and try attacking your system periodically to make
sure it can withstand these new methods.

*2. Have a Back-Up*

If your security is breached and your data deleted, do you have it backed
up somewhere? This seems like a fairly obvious thing to do, but many small
businesses never think about what they would do if they lost all of their
information. Make sure all of your vital data is backed up on a regular
basis, and if you have the storage space, back up non-vital information,
too. You can use a cloud service to back up all of your data fairly quickly,
easily, and inexpensively.

*3. Watch your Competitors*

If a competitor or any other business has been hacked and lost private
data, watch how they handle the situation. See what they do right and what
they do wrong, and then incorporate this information into your own
cyber-defenses and response plans. If you see a company handle a data
breach horribly, make certain you’re not going to repeat those mistakes
yourself.

*4. Train your Employees*

Your employees need to know how to protect your system from a cyber attack
and what to do when one occurs. Only a little over half of all the small
and medium-sized businesses in the U.S. actually train their employees on
cyber attacks. Without this training, it’s very possible the next cyber
attack that hits your company will come through an employee’s lack of
security measures. Your team (including you and your senior management)
must know how to do everything from creating strong passwords to using a
VPN to protect information when using public Wi-Fi.

*5. Install a Network Intrusion Prevention and Detection System*

In order to better monitor your system, you need to install intrusion
prevention software such as Snort. This software will alert you when
someone is trying to access areas of your network they do not have
clearance for. It can also automatically respond to threats, so even if
it’s late at night and no one is in the office, your system is still
protected. Intrusion prevention will take note of user accounts that
frequently try to access data they shouldn’t, which can be a sign that an
account has been compromised.

*6. Use Strong Passwords*

Your employees should all be trained in how to create and use strong
passwords that are at least six characters long and use upper and lowercase
letters, numbers, and symbols. These passwords should ideally contain a
minimum of one of each of these four types of characters, and while six
characters long is an acceptable minimum, passwords really should be eight
or ten characters long.

*7. Have Dedicated Banking Computers*

As a small business, you may be limited on how much equipment you have.
However, if you can set aside a computer to be your dedicated financial
machine, you’ll greatly improve your security. That’s because if you use
the same computer to handle financial transactions as you do for your
social media marketing, email, and other tasks, you’re opening that
computer up to viruses and attacks. Being online puts your computer at
risk, so if you have a system that only uses the internet to submit
financial data and other secure information, there will be less chance of
it being hacked.

Note, however, that you have to remain dedicated to keeping this computer
as a financial-transactions-only computer. You can’t start using it for
other things or the risk of it being hacked increases. Also make sure only
employees who are allowed to handle banking tasks are using this computer.
Having others get on it for any other reason increases the risk, too.

*8. Encrypt all Sensitive Data*

Any information you send online, whether it’s over the internet, through
email, or through any kind of messaging tool, must be encrypted. This
protects all of your information from being decoded and used against you
and your customers. Even if you save that information to a flash drive or
other type of removable storage, it should be encrypted so that the drive
itself is fairly useless if it’s stolen or lost.

*9. Prepare for the Worst*

Finally, you’ve got to be ready for a cyber attack that your system cannot
prevent. It’s almost inevitable that it will happen simply because hackers
are continually coming up with new ways of breaching systems, and you can’t
always be prepared for every single method they use, especially the ones
that are brand new.

That means you need to have a disaster recovery plan and response to the
attack. You need to have a plan for getting your business back up and
running, getting your employees access to the data they need, and
responding to the media and your customers. It’s important that you secure
your servers as quickly as possible so you can start determining what was
hacked and what you need to report to the media.
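
For method 5 above, the following is an added example, not part of the original article and not Snort itself: a simplified sketch of the behaviour described there, flagging accounts that are repeatedly denied access within a short time window. The log format, the sample lines, and the threshold and window defaults are all constructed assumptions, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO time, user, resource, result).
SAMPLE_LOG = """\
2016-09-28T22:01:10 alice /shared/marketing ALLOW
2016-09-28T22:01:40 bob /finance/payroll DENY
2016-09-28T22:02:05 bob /finance/ledger DENY
2016-09-28T22:02:30 carol /finance/payroll DENY
2016-09-28T22:03:15 bob /hr/records DENY
2016-09-28T22:04:00 bob /finance/payroll DENY
this line is malformed
2016-09-28T23:30:00 carol /hr/records DENY
2016-09-28T23:59:00 carol /finance/ledger DENY
"""

def parse_line(line):
    """Return (timestamp, user, resource, result), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]

def flag_accounts(log_text, threshold=3, window=timedelta(minutes=10)):
    """Map each flagged user to the resources denied in the window that tripped the alert."""
    recent = defaultdict(deque)  # user -> (timestamp, resource) of recent denials
    flagged = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event[3] != "DENY":
            continue
        ts, user, resource, _ = event
        q = recent[user]
        q.append((ts, resource))
        # Drop denials that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged[user] = sorted({r for _, r in q})
    return flagged

if __name__ == "__main__":
    for user, resources in flag_accounts(SAMPLE_LOG).items():
        print(f"ALERT {user}: repeated denied access to {resources}")
```

Occasional denials spread over hours (carol in the sample) stay below the default threshold, while a burst of denials across unrelated areas (bob) is flagged for review as a possibly compromised account.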