The first few months of 2014 were a major wakeup to businesses of all sizes about the importance of proper cybersecurity. The Target credit card breach at the end of 2013, in which 40 million customer credit card accounts were compromised, showed that no one is invincible and that every business no matter what size must take extreme precautions to guard against cyber threats.
And then in April, there was the Heartbleed issue, which basically exposed a security vulnerability in the widely used OpenSSL encryption technology. This hole essentially provided hackers with means to access many of the world’s largest websites and download sensitive information from servers without leaving a trace.
Technology has accelerated at such a rapid pace in recent years and has dramatically transformed the way we live, work, and socialize with others. While it has given us previously unforeseen benefits, technology has also made it easier than ever for bad guys to exploit unwitting people and organizations. Unfortunately, and this should come as no surprise, the black market for hackers is increasingly sophisticated, specialized, and maturing.
This all spells trouble for businesses that don’t take the trouble to implement a cybersecurity strategy to protect their networks, infrastructure, and other data assets from attack. Small businesses, with less resources and less awareness, are especially vulnerable to increasingly sophisticated methods of infiltration. The consequences of this could be irrevocable, and range from lost customers, brand damage, increased expenses, and lost revenue. It is estimated that 40% of a small businesses’s worth is derived from the information it owns. So every effort must be made to provide these organizations with a plan to protect their most valuable data assets and information.
Let’s run through some techniques that businesses of all sizes (but especially smaller sized ones) should be adopting today in order to maximize their protection against unwanted security breaches.
Regularly update anti-virus software: While budgets are tight the risks of not having your network secured with the appropriate firewall and business class anti-virus technology far outweigh the costs. Ensure that your software is updated with the latest patches and that all applications, email programs, and browsers are covered.
Require stronger passwords: Make sure that all employee accounts are protected with strong passwords and limit administrator privileges only to employees that absolutely need this access. Require passwords that are long and contain many numbers and symbols as this helps protect against the likelihood of unwanted access to proprietary assets.
Secure your browser: Web browsers are one of the biggest points of security vulnerability. Malware frequently hitches to ads and other unreliable downloads and can inject viruses into your computer, putting your data at risk. Ensure that you only transmit personal information over a secure connection and always use an HTTPS connection when accessing the internet from a device with company information.
Change router default security settings: Router manufacturers often use the same default login information such as “admin” or “password” or some simple word. Since these are known to hackers, it’s important to change the default settings immediately upon setup.
Frequently backup your critical data: This should seem self-evident but it bears repeating. Set your system to automatically backup all important data such as financial records, legal information, customer account information, and proprietary databases.
Educate your staff: Education is the best policy for improving security awareness and effectiveness among your employees. Holding an annual compliance review to help enforce the importance of password protection and outline company security policies will go a long way to protecting the organization’s assets.
Develop a cybersecurity emergency plan: In the event of a breach, have a plan in place to identify and close the vulnerability, work with third-party security experts, and provide transparent updates to partners and customers.
To be continued . . .