What can SMBs do to protect themselves?
By Prempal Singh
It looks like a day doesn’t go by without news of a major cyber attack. In the last year only, attacks on Sony, Yahoo!, Target, and LinkedIn focused headlines.
Whatever you don’t notice about are the hundreds, or even tens of thousands, that are foiled every day. What you also don’t learn about are the cyber attacks that hit small businesses.What is often lost in these headlines is the fact that practically 1 / 2 of the cyber attacks worldwide were against businesses with fewer than 250 employees.
In many cases, the hacked information is held for ransom, released only when the master of the small to middle size business (SMB) pays a significant price to get it back. Hacked information is also used to rob bank accounts via wire, steal personal identification information, hijack websites, and file for fraudulent duty refunds.
A few illustrations that come into your head include:
- Wright Hotels: All it took was a hacked email to open the door for $1,000,000 to be stolen from the bank account.
- PATCO Construction: Due to a Trojan Horse attack that invaded the company’s systems, thieves captured banking credentials and took practically $600,000 from the company’s accounts through ACH transfers.
Therefore, what can SMBs do to protect themselves?
1. Provide Training for Employees at Every Level:
The huge majority of successful cyber attacks are due to human being error. This is what precisely happened at Target, in which a breach of Target customer data was traced back in HVAC vendor that worked at a number of the retailer’s locations. While human {mistake|problem} will always come into play, businesses can {reduce|lessen|decrease} incidents by implementing training and awareness programs. {These types of|These kinds of} should be conducted during onboarding for new employees and should {become|end up being} conducted on an ongoing most basic for employees at all levels–even the C-suite.
While human mistake will always come into play, businesses can decrease incidents by implementing training and awareness programs. This should be conducted during onboarding for new employees and should become conducted on an ongoing most basic for employees at all levels–even the C-suite.
2. Back Up Business Data Regularly:
With ransomware rising, the best defense is to constantly back up data. That way, even if data is stolen, it is not lost.
The best way to do this is to automate the data backup process, saving copies of word control documents, databases, spreadsheets, human resources (HR) files, and other key files and data either in the cloud or offsite.
3. Provide Employees Access on a “Must-Have” Basis Only:
Businesses often get lazy when considering to providing access to data. Rather than analyze who needs what information, employees obtain access to much more information than their careers require. Employees should only be given access to the particular systems that they need because of their jobs and should not be able to install any software without permission.
In addition, employees should be strictly restricted from engaging in “rogue IT” practices where they install any software they think they require on their computers or other devices used for work without the go-ahead from someone authorized to provide such permissions.
4. Secure Devices and Networks:
Provide equipment and networks that contain the most up-to-date versions of security software, Mozilla, and working systems at all times.
Be diligent about installing patches and updates as soon as they are offered to best protect against ransomware, malware, viruses, and other cyber threats.
5. Establish Strict Passwords and Authentication Policies:
Hackers earn a living from people who use weak security passwords like their names, sports activities conditions like “baseball” or “football, ” the term “password, ” or even sequential numbers like 123456. To fight back, use unique, complex passwords including uppercase and lowercase characters, numbers, and symbols, and ensure you and your employees change those passwords every couple of months.
To be even more secure, think about requiring additional information after just the password to gain access. It may be something of a nuisance, but the extra security is obviously worth it in the long run.
6. Be Mobile, but Be Smart:
Even the smallest companies conduct much of their business remotely and with mobile devices. Sales people hit the road, increasing numbers of people work from their homes, and employees need to be available 24/7.
These types of devices hold critical information and can access corporate and business networks. As such, they need the same defenses as desktop devices found in a home business office.
This means all devices must have up to date security programs installed as well as data security and password protection. Presently there should also be action plans in place for lost or stolen devices.
The Bottom Line
Face it, your employees might find these precautions to be bothersome, time eating, and distracting. But they are also 100 percent necessary.
While it is asking a lot for SMBs to tackle all of the tactics reviewed here, you might select and choose the steps most relevant and suitable for your business, and then implement additional ones to get better results as you go.
Source: www.inc.com