Five Ways to Protect Your Business from Cyber Attack

Question: When do most business owners get serious about Internet security?

Answer: After it’s too late.

The fact is, most individuals and companies don’t worry about taking security measures until they’ve been badly burned. If your odds of getting hacked were very slim, and the consequences not very severe, this might be a reasonable strategy. That said, the odds are much higher than most people appreciate, and the consequences are often dire.

Not long ago, UPS grabbed headlines with news of data breaches at 24 of its stores across the country. Malware attacks compromised customer names, postal addresses, email addresses and even payment card information. UPS is the latest company to join the ranks of others like Target, Adobe and eBay in the growing list of organizations that have fallen victim to cyber fraud.

As a small business owner, you might be thinking, “How does this concern me? Surely my business faces no threat from sophisticated hackers who would rather go for bigger companies.” Well, that’s where you are wrong, because when it comes to cyber attacks, size doesn’t matter. According to Symantec’s 2014 Internet Threat Report, last year 30% of cyber-attacks targeted small companies.

So what can you do to protect your business from cyber threats? First you have get off that easy chair and recognize the need to Take Action! As a business owner, you need to establish proactive cybersecurity strategies that cover the entire organization to defend against this persisting threat. Are you with me? OK, here are five things you can do.

Employee Training and Protocol

Train your employees to handle customer information and other vital data carefully. Ideally, a separate user account should be created for each employee, and strong passwords should be maintained to prevent use of business computers by unauthorized individuals. If possible, consider putting a system in place that requires passwords to be changed every three months. Moreover, also consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Provide administrative privileges to trusted IT staff and key personnel only. Make sure no employee is given access to all data systems – only those that they need for their jobs should be accessible to them. Restrict employees from installing any software without permission. Consider establishing proper Internet usage guidelines that involve penalties for violating company cyber security policies.

Safeguard Information, Computers and Networks

We all have a tendency to procrastinate the updating of security software, web browsers and operating systems. This can be very dangerous, as outdated software and applications are easy targets for hackers and malware. Make sure you install key software updates as soon as they are available and set antivirus software to run a scan after each update. Ensure that the firewall on your system is enabled, or you may have to run around extinguishing security breach related fires yourself! Secure, encrypt and hide any Wi-Fi networks that you may be using at your workplace, if they are connected to your private network.

Maintain Backup Copies of Business Data

Regularly backup the information stored on all computers such as word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/ payable files. Copies should be stored offsite, or in the cloud.

Keep your Mobile Phones Safe:

If you are using your mobile phone to access the corporate network, make sure you password protect your device, encrypt your data and install security applications to prevent criminals from stealing information while the phone is on a public network.

Secure Online Payment Systems:

Isolate payments’ systems from non-secure programs and don’t use the same computer to process payments and surf the web. Ensure that your bank or processor is using the most trusted and validated tools, and anti-fraud services.

Additionally, you should also think beyond popular data security sensors and address other concerns that might have a direct impact on your company, such as sub-standard hiring practices of an essential vendor. A few small but effective measures such as these may go a long way in helping you to protect your company from cyber mischief.