Written by: Guest | Best Company Editorial Team
Last Updated: July 8th, 2020
Guest Post by Dan Matthews
What is your company doing to prevent the next big cyber attack? If you don’t have a good answer to that question, then you are putting your business at risk.
Every year, cyber attacks from all around the globe are infiltrating the computers of businesses and consumers alike, and the companies that take the biggest hits are finding it harder to bounce back. The fact is that you never know when the next big data breach will occur, but if you prepare accordingly, you can prevent your business from becoming a victim.
Know the risks
As sad as it is to think about, every business big and small is at risk of cyber attacks. In fact, there is a hacker attack every 39 seconds, and 43 percent of attacks are dealt to small businesses. Large corporations often have vast IT departments to fight off these threats, but smaller businesses usually have to fight on the local level with smart security decisions. Don’t worry. It can be done.
The key is to be vigilant in your efforts to prevent cyber attacks, because the damage done can often bring a business to its knees: 60 percent of companies close their doors six months after an attack. The cost to bring your business back after a major breach can often reach around $250 for every record that is stolen. But that’s not all. When customers realize their information has been compromised, they will blame your business and lose trust in your services, putting your reputation at risk. Once they feel slighted, they may never return.
Diligence is needed from day one, so if you haven’t already, it is time to create a risk assessment. Think about your company and the products you produce. Then think of all the potential threats that could happen to your business, everything from cybercrime to natural disasters. What precautions do you have in place to prevent the damage from these issues, and if they do occur, what steps have you laid out to remedy them? You must have the answers to these questions in writing, and you must make sure every individual who is part of the plan knows their assignment.
Keep your customers safe
The next step is to seal any holes in your current digital armor. Start with your website. Ensure that you have a proper firewall that is set up correctly to block attacks. Then, put a lot of attention into the antivirus software that monitors your site. Make sure your software is regularly updated and that you scan your system regularly. During these scans, take note of any vulnerabilities and work to safeguard those leaks.
You should also have all essential information backed up on secure and dependable servers. Backups should occur weekly or daily so that you can access the necessary files if you are the victim of any number of intrusions, including ransomware attacks that can corrupt your current systems. It is wise to keep your backup servers in a secure location that is not connected to your main system so they cannot be corrupted along with it.
If you use mobile devices around the office, including phones or tablets, you need to keep that equipment secure as well. Mobile devices should be encrypted so that stolen data cannot be used by those without authority. You could also consider a private network, so your devices are “hidden” from people who are not meant to see them. If tablets are only used on company premises, then ensure that they stay there and that they are properly locked up at the end of the day. Finally, make sure that all security software is updated regularly.
Educate all employees
While your business leaders may be on board with a stronger stance on cybersecurity, if the employees aren’t on the same page, they may unknowingly open the door to attacks. The threat of cybercrime is so high that many companies are requiring mandatory security awareness training sessions that keep everyone abreast of current threats and how to fight them. Such training shows employees the bigger picture, including how attacks happen, what hackers can do with the data they steal, and how an attack affects not only the business but also their well-being.
Many common-sense solutions can make a big impact on data protection, and it starts with passwords. A good password should be difficult to guess and include a combination of letters, numbers, and special characters. On top of passwords, two-factor authentication should be implemented, which has the employee use a hardware token or even biometric identification in addition to a password. Computers should never be left unattended, and screens should be locked whenever the employee leaves the desk.
One of the most frequent hacker schemes that can catch employees and consumers off guard is an email attack. One popular method is spear phishing, which is a targeted attack that usually occurs in the form of an email that looks like your standard communication. However, it often includes a link or attachment that, when clicked or opened, actually creates a hidden door into your organization. Users are lured into clicking the links because the emails are set up in such a way that they look like they are from an authority, like your bank or employer, and they create a sense of urgency. There are common signs of phishing emails that employees need to look out for:
- It comes from an email address that looks official but is off by a letter or two.
- The body of the email contains many spelling errors.
- It is written with a sense of urgency along with a link you were not expecting.
In the end, it is every company’s responsibility to protect its data against cyber attacks. Although hackers are always getting smarter, they still need to gain access to your systems, so heed these tips and stay a step ahead.
Dan Matthews is a writer with a degree in English from Boise State University. He has extensive experience writing online at the intersection of business, finance, marketing, and culture. You can find him on Twitter and LinkedIn.