Cyber attacks can have a dire, disastrous and lasting impact on your business. Apart from causing direct harm to employees, clients or customers whose information gets compromised, they harm your business by jeopardizing operations. Additionally, they hurt your reputation and may prevent other employees, clients or customers from trusting you with their information in the future.
The bad news is that every business is vulnerable to cyber attacks. Giants such as Citi, Sony, eBay and Target were the victims of cyber crimes in 2014 and lost millions of dollars in sales and profit. The good news is there are some relatively easy steps you can take to reduce vulnerability and promote security.
Here are five of them:
1. Install anti-virus and anti-malware protections
Spam e-mails and virus-ridden websites are two common sources used by hackers to infect connected computers with viruses and malware. Infecting computers with malicious software (or malware) is, in fact, the most common method used by hackers to gather sensitive information from private networks. Nearly 50 percent of all data breaches are carried out via malware.
Install anti-malware and anti-virus applications on all systems (including iPads and mobile devices within the network) and ensure they are updated regularly. Run scheduled scans daily, adjust settings to perform real-time protection and run the applications manually.
Also, ensure software and hardware assets in the network are updated regularly, because outdated programs and hardware are less robust than their state-of-the-art counterparts.
2. Safeguard your wireless network
Some businesses prefer to use wireless networks because they are more versatile than their wired counterparts. However, wireless networks tend to be more vulnerable to cyber attacks. This is because hackers can gain access to a wireless network remotely, whereas they can’t access a wired network without plugging into your office’s physical outlets.
If you use a wireless network, ensure it is locked and protected securely against unauthorized access. Create a complex password comprising numbers, letters and special characters. Share it only with authorized personnel.
‘Hide’ the network by disabling the SSID broadcasting function (SSID stands for service set identifier), so that only people who know the exact name of your network can access it. Additionally, update your WiFi to the most recent encryption standard (are you still using Wired Equivalent Privacy?) for maximum protection.
3. Encrypt all important data
All files and programs on your computers that contain important, private or sensitive data, such as the credit card accounts of clients, social security numbers of employees or bank routing digits of your establishment, must be encrypted. Most operating systems today offer a full-disk encryption function, which can be activated easily. Be sure to consult with your IT provider before enabling any encryption on your networks, as it can cause serious issues if not done properly.
4. Physically secure critical pieces of hardware
It is not uncommon for cyber criminals to steal your hardware (PCs, laptops, cell phones, modems, USB sticks and other electronic equipment), carry it to a secure location and then break into the hardware to access data and information. Physically guarding hardware will help you prevent such theft and subsequent misuse.
Apart from securing your premises with motion detectors and security alarms, physically secure hardware to the desks. You can use Kensington locks for this purpose. Or better yet, you can rack-mount your hardware. Have tracking software installed on critical servers and hardware assets for additional protection.
5. Educate employees in cyber security best practices
Finally, train employees in the basic do’s and don’ts of cyber security. Start by creating a thorough IT policy for employees, which details the types of online activities that are permitted and the ones that are prohibited.
For instance, you should establish a “BYOD” policy and provide a secure private network for those devices that isolates them from the company network. Use circulars, reminders, IT-centric meetings and small security exercises to keep employees informed about the latest developments and requirements of cyber security and best practices.