Businesses of all sizes are now targets for cyber criminals. Per the Verizon 2018 DBIR, 58% of data breach victims are small businesses. Furthermore, it is shocking to see that 60% of small businesses shut down within 6 months of an attack, according to the National Cyber Security Alliance. So, what makes these small enterprises prone to cyber-attacks? Probably the lack of resources due to a limited budget, combined with the misbelief that only large organizations are attacked by hackers.
However, businesses of all sizes need to stay ahead of cyber attackers. I have come up with some useful preventive measures to protect your business from cyber-attacks. Take a look:
Train Your Staff
Your employees are your biggest asset, but at the same time, they are also your biggest security risk. So, your primary action should be to give security awareness training to your staff. This will help minimize cases of accidental or intentional data leakage. One important point to keep in mind is that training your staff is not a one-time task. Rather, it should be done periodically to ensure that your employees are kept up to date with the latest cyber threats. It helps them act cautiously when faced with security vulnerabilities and threats.
Manage your Passwords
Your passwords are the keys to your company's confidential information. It is crucial to follow some basic rules of thumb when creating and managing passwords for your company.
- Always change default passwords to unique passwords.
- Do not use the same password for different accounts.
- Make sure you store your passwords safely. Use a password manager. Never write your passwords on paper that is accessible to others.
- Follow the guidelines for making a strong password. Use a combination of uppercase and lowercase letters, numbers, symbols, etc.
Keep your tech in good shape
The OS and apps on company systems should be kept up to date, as that ensures the latest security patches are installed. Further, a firewall and antivirus need to be installed on each and every system. Ensure that both are active, up to date and configured with the right settings. Microsoft operating systems come with a default firewall, so you just need to activate it. However, it is strongly recommended to invest in reliable, advanced antivirus software for PCs. After all, buying antivirus is much cheaper than becoming a cyber-attack victim.
Keep backups to limit the loss
With the rising number of ransomware attacks, the importance of having data backups has become clear. It is better to keep a copy of your data than to take the risk of paying a ransom to hackers. A company can get back to running normally after an attack if a data backup is available. Make sure you run periodic backups of your company's data, as that lets you restore from a recent point. Backups should always be kept on a separate system.
Get your Code tested
Your website code and hosting are an important aspect of your company's security. Get your website fully tested for security flaws by your internal Information Security team, or hire one. Improper or outdated code can help hackers make their way into your website and ultimately cause harm. Further, make sure the hosting facility for your website is provided by a reliable hosting company. Don't forget to buy a security certificate for your website, as it safeguards against malicious content on the web and comes at a reasonable price.
Get an Endpoint Security Solution (EPS)
Having comprehensive endpoint protection gives you the assurance that you have security control at the device level, application level and web level. An EPS protects all the endpoints of your company, which attackers use as entry points for launching malware. EPS solutions for small and medium businesses require some investment, but as a company, you should consider the security value provided by such a solution.
What to do when you are breached?
Now, if you have already been attacked, there are certain steps that you should follow, as described below:
- Figure out what was lost
First things first. You need to know the type of data that has been lost or stolen in the data breach. Is it a generic form of data like street addresses, names, etc.? Is it a more sensitive form of data, such as email addresses or credit/debit card numbers? Or is the lost data highly sensitive, such as passwords, online banking credentials, credit/debit card security codes, etc.?
- Make changes immediately
Based on the type of data loss, you need to take action. For instance, if passwords are lost, then you need to immediately change all system, web and other login credentials. Ensure that you do not repeat passwords for any two accounts, and ensure that the new passwords are entirely different from the lost ones. To add an extra layer of protection, you can use two-factor authentication. That way, even if a cyber thief has the right password, they cannot get in without the security code generated by two-factor authentication. If the lost information includes online banking credentials, then it is important to inform the bank or card-issuing authorities, as they can block your card so that no unauthorized transaction takes place. Further, they might issue a new card to ensure your security.
- Inform about the breach
Your customers need to be informed about the breach that has occurred at your business. So, as soon as you know that your business data has been compromised, be up-front and convey this to your customers. Tell them what type of data has been compromised, what the company is doing to mitigate the loss and what security measures they can take themselves.
- Execute a Post Breach Audit
It is crucial to execute a post-breach audit in order to find the root cause of the breach, such as weak security on endpoints. You can hire an InfoSec auditor for this process, as they can give you better insight into the breadth and depth of the attack and make recommendations for improving your data handling procedures.
- Last but not least: Don't Panic
Breaches are certainly stressful events, and panicking is the most natural response to such incidents. But my recommendation for you is: do not panic. Panic consumes time that is better spent planning your response.
As cybercrime is predicted to cost the world around $6 trillion by 2021, it becomes necessary to consider the above-mentioned security practices for the safety of your business.