It is clear that modern business has benefited greatly from advances in technology, as have modern consumers. However, along with all of the benefits of technology there comes a significant increase in risk. The technology that most businesses depend on is vulnerable to attack.
According to the 2013 Cost of Cyber Crime Study conducted by Ponemon Institute, there were 122 successful cyber attacks per week for the 60 companies in the study. This marks an increase from the 2012 study, which showed 102 successful attacks each week.
A larger company can be targeted by focused and sophisticated cyber criminals who design malware specifically to attack that company’s infrastructure. Likewise, the security efforts of smaller companies may be hamstrung by a limited budget and the inability to hire a security staff to protect their assets; in fact, small and mid-sized businesses have recently become the preferred targets of cyber criminals due to the ease of penetrating their defenses.
Preventing Cyber Attacks
How can small business owners combat attacks without hiring dedicated security personnel? One option is to hire an outside firm to conduct vulnerability scanning and provide security consultation. Such a firm brings cyber security expertise and has the time to dedicate to it. There are also simple measures business owners can take to lower their risk of cyber attacks. Here are a few steps every business owner should implement in his or her business:
1. Develop a Security Plan
A security plan can help you to focus on the factors that make your technology secure; it can also provide a basis for evaluating cloud vendors. As a part of that security plan, you will need to designate an individual who will be responsible for its implementation. This individual should assess any changes to your system that may affect its security.
2. Classify Information
Data on your computers should be classified based on sensitivity. The level of sensitivity will be used to determine who has access to the data and the level of protection it is given. It will also be used to determine whether the data is to be retained or destroyed.
3. Define Authorized Users
Know who is authorized and determine what they are able to do. Part of preventing unauthorized access to your data is to assess the people who have authorized access. The risk of unauthorized access should be evaluated regularly and addressed as needed.
4. Communicate Security Policies
A description of your policies should be communicated to all of your users. Additionally, any changes in those policies that can affect the security of your network should be communicated to all users who will be affected.
5. Data Encryption
One common form of attack involves cyber criminals breaking into a company’s network and encrypting important data. This prevents the company from being able to access their own data unless they have the password; to get it they have to pay a ransom to the criminals. One way your company can prevent this type of attack is to encrypt your hard drives. For most businesses, there will be no need to purchase additional software; all that is necessary is to turn on the encryption tools that come with the major operating systems. In Windows, the BitLocker feature will provide the necessary encryption; on Apple computers, it is called FileVault. Once turned on, these features will encrypt all of the files on a computer without affecting its performance.
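Turning BitLocker or FileVault on only helps if it stays on, so it is worth checking periodically. The following is an added example, not part of the original article: it audits the text printed by `manage-bde -status` (Windows) and `fdesetup status` (macOS). The sample report is constructed, English-language output is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of English `manage-bde -status` output.
SAMPLE = """\
Volume C: [Windows]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection Off

Volume D: [Data]
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off

Volume E: [Backup]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
"""

def parse_volumes(text):
    """Split the report into {drive letter: {field: value}}."""
    volumes, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Volume (\w:)", line)
        if header:
            current = volumes.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return volumes

def audit_bitlocker(text):
    """Return {drive: finding} for every volume that is not fully protected."""
    findings = {}
    for drive, fields in parse_volumes(text).items():
        conversion = fields.get("Conversion Status", "Unknown")
        protection = fields.get("Protection Status", "Unknown")
        if conversion != "Fully Encrypted":
            findings[drive] = "not fully encrypted (" + conversion + ")"
        elif protection != "Protection On":
            # Suspended BitLocker: data stays encrypted, but the key is stored in the clear.
            findings[drive] = "encrypted, but protection is off"
    return findings

def filevault_enabled(status_text):
    """True when `fdesetup status` output reports FileVault as on."""
    return status_text.strip().startswith("FileVault is On")

if __name__ == "__main__":
    print(audit_bitlocker(SAMPLE))
```

In the sample, drive C: is the case that is easy to miss: the volume is fully encrypted, yet protection has been switched off, so the encryption offers no protection if the device is stolen.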
6. Secure Your Premises
The physical theft of computers is a problem for some businesses. The theft of laptops, mobile devices and servers can render a company extremely vulnerable to cyber attack. Your options for mitigating this risk include employing additional security measures for the building in which your servers and other devices are stored; you can also use Kensington locks and rack-mounted hardware to make stealing them a more difficult task.
7. Update All Your Software
This is one of the easiest ways to make sure that your data is kept secure. The updates should be downloaded only from the publisher’s site; note that there are many counterfeit sites that are designed to look legitimate.
8. Educate Employees
Make sure that your employees understand how to be safe on the Internet. They should be aware of the threats (social media, email attachments, etc.) and how to avoid them. They should know to be careful when opening emails that appear to be from the IRS or financial institutions and should know not to open sensitive data in public places. You should have a protocol in place in the event that someone misplaces sensitive information or a device containing that information, or if they believe there is malware on their computer.
Do not make the mistake of thinking that your business is too big for cyber criminals to take on or too small for them to notice. Cyber criminals do not care where the money comes from and are always on the lookout for new targets.