[BreachExchange] Security basics for the small business owner to defeat cyber-terrorists

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 29 18:58:17 EDT 2018


With the advent of technological advancements, every business enterprise
and an online consumer is exposed to cyber-intrusion. Most organisations
lack the competence to thwart such network intrusions.

Small organisations with no cyber-security plan have become an easy target
for hackers to capture their network and are more prone to become the
victim of cyber-attacks. The attackers use advanced methodologies to access
crucial internal information. They send phishing emails with malicious
content. Any user who opens such content becomes an easy target of network

Important measures to defend your organisation from virtual attacks

It is important that small organisations should be alert and remain
vigilant in terms of cyber-attacks. They should adopt stringent security
measures to guard their enterprise against cyber-attacks. Here we discuss
some key prudent measures that every organisation must undertake to enhance
its internal security practices.

Have a strong firewall in place

What is a firewall? A firewall is a network security mechanism that closely
monitors and regulates the incoming and outgoing flow of traffic from the
web and obstructs traffic which does not adhere to certain security
procedures. A firewall can be in any form- software, hardware etc. Ideally,
it acts as a barrier and protects the end user's computer from uncertain

Firewalls obstruct the external unreliable sources from causing any damage
to internal systems. Such dynamic firewalls protect an end user's computer
from hackers and give a tough competition to cyber-terrorists.

Refurbish Operating System(OS)

An organisation should always use an operating system which is built with
high-profile security features and safeguards the user information from
distortion. Some of the eminent operating system companies such as Apple,
Google and Microsoft are working to enhance the level of security set by
their technical teams. These teams are continuously trying to upgrade the
operating systems so that they not only protect user's data but also
restrict cyber-terrorists from gaining an edge over technology.

You should ensure that your PC is adequately fixed and updated on a
time-to-time basis. While system applications are not entirely flawless,
maintaining regular software updates would help in securing your system
from malware attacks. Nevertheless, regular patch updates from your
operating system provider defend the system from any unforeseen consequence.

Installing an anti-malware software

In 2017 we have seen the Wannacry ransomware which impacted a huge network
of computers across the globe. Malware like trojans, viruses etc are
malignant software programs which contaminate the immunity level of a
device and make it prone to severe cyber-attacks. Therefore, it is
certainly essential for every organisation to install an antivirus software
on the internal systems to not just defend against cyber-attacks but also
keep updating the software to the latest version to protect against any
virtual intrusion and maintain a distance from hackers on a day-to-day

Setting up a strong password

Using weak passwords by internal staff within an organisation makes it
vulnerable and easy for hackers to invade into the network. For this
reason, it is essential that every organisation should educate and train
their internal staff to set up unique and strong passwords consisting of
special characters. This makes it difficult for attackers to crack the
passwords while trying to intrude into the network.

Now the question is, how often should you change your password? As per
industry standards, changing it at least once in every three months should
be good. Nonetheless, you shouldn't hesitate to frequently change your
password in case of sensitive information in your account. Ensure that
every employee within the organisation has their own username and password,
which should not be shared with others.

Another method could be setting up a two-factor authentication. This
provides an extra layer of security by linking say your phone number to the
email id. So, for example, whenever you punch in your account credentials,
a security code will pop up as an SMS on your phone, which you need to use
to gain access to your account. Also, avoid using personal information like
name, birth-date commonly used words, etc for setting up a password. A
solid password involving a combination of random words, numbers or
alphanumeric characters would strengthen your security.

Appoint security experts

Every organisation should focus on appointing trained and certified
cyber-security experts who can protect the internal systems from potential
cyber-intrusions. Such professionals should maintain a close watch on the
internal networks to avoid hackers from exploiting any confidential or
crucial internal information.A conscious cyber-security professional not
only protects an organisation from potential security breach but also
utilises their expertise to implement best security practices accordingly.
Hence, these experts are responsible for keeping a regular check on systems
and detect any loops and ensure there are no security gaps which can hamper
the internal networks.

Data encryption

Irrespective of the size, function or nature of work, organisations should
make their best efforts to protect the flow of business information. All
business information is important for the organisation. As an enterprise
owner, have you considered encrypting your data?

You should ensure that sensitive information should not be accessible to
all. Such confidential information should be restricted to only certain
people who are entitled to view it. From an organisation's perspective, you
should encrypt the sensitive data before sharing it with your client. Your
staff should be educated about data encryption properly so that they are
well aware of how to handle critical information and judge which
information to share with clients. The data should be encrypted so that
only people who have access to the secret key can view it. Confining the
access to a few people is a major step in defence against cyber-attacks.

While data encryption may seem like a complex process, data loss prevention
software can be totally relied upon, which would offer data encryption with
your system, email, and application control. Rest assured, your data is
safe and protected from any evil invasion. Probably, for this reason,
encryption has become so popular in recent times and is used by different
organisations extensively.

Have a sound data backup plan in place

Having a sound backup plan acts as the most efficient practice to trove an
organisation's business information. Every organisation should have a sound
data backup plan in place for storing all crucial information and data
files required for regular business operations. This acts as an alternate
route to safeguard internal data in case of any loss of crucial
information. In 2017, we have seen many malware attacks such as Wannacry
Ransomware, Petya/Non-Petya, etc. which attacked a huge number of computer
networks across the globe. Many organisations lost critical information in
this process.

No business can afford its internal information to be bargained. This may
cause severe financial and goodwill loss to the business. For this reason,
creating and saving backups in an external device, or cloud, could help in
keeping a stock of useful information. Today, when there are ransomware
attacks that have the potential of paralysing your organisation's internal
structure and capture all information, it's definitely good to have a
substitute for all information, which should be frequently refreshed and


As digital technology emerges, various latest technological trends have
opened up newer avenues of both positive and negative impacts on business
enterprises. Technology is ever-changing, so are the tactics used by
cyber-criminals. Every organisation is under constant cyber-threat. It
should contemplate some of the best practices to administer effective IT
security within their internal systems. Every organisation should keep a
close watch on security processes to prevent itself from falling prey to
dangerous cyber attacks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180529/c217263e/attachment.html>

More information about the BreachExchange mailing list