You can’t seem to watch the news without learning of a major new security bug or corporate hacking scandal. Heartbleed and Shellshock scared many Internet users, and articles about improving cybersecurity everywhere began to appear soon. Small business owners need to be especially savvy about cyber security, as much of their business is based on the web. Here are some things to know about keeping your business safe online, as well as what to do in the event of a security breach.
· No company is too small to be vulnerable to hackers. According to the National Cyber Security Alliance, 71% of cyber attacks target small businesses and nearly half of small businesses report being attacked. Even more alarming, Experian found that 60% of small businesses that fall victim to a cyber attack go out of business within six months. The NCSA reported three reasons small businesses are often attacked: they don’t have the resources to respond to an attack, information like credit card numbers is often less protected, and small businesses can partner with larger corporations. and give hackers access. to those companies.
Make sure that all devices related to the company network or company data have reliable anti-virus and anti-malware software. This is a basic but easily overlooked precaution against malicious files and other attacks. Your network must also have a firewall to protect the entire network.
· Educate your employees. In addition to making sure everyone in your company is familiar with your security system, it can be helpful to train employees on basic Internet security. There are many online resources that raise awareness about phishing scams, security certificates, and other cyber security basics.
· Create strong passwords. For any resource that requires passwords on your system, create (and have employees create) complex passwords that are not subject to social engineering or easy guessing. There are a number of guides available on the web on how to create strong passwords.
· Use encryption software if you deal with confidential information on a regular basis. That way, even if your data is compromised, the hacker won’t be able to read it.
· Limit administrator privileges to your system. Set appropriate access limits for employees without administrator status, especially when using non-company devices. Limit administrator privileges to those who really need them and limit access to confidential information by time and location.
· Study cyber insurance. Cybersecurity breaches are generally not covered by liability insurance, but if you are looking to protect sensitive data, speak with an insurance agent about your options.
Back up your data weekly, either to a secure cloud location or to an external hard drive. That way, if your server goes down, you will still have access to your data. SkySuite’s Boardroom Executive Suites cloud computing services are an ideal tool in this area.
If you have determined that there was a security breach, find out the scope of the attack. This is a good time to call in an expert cybersecurity consultant. This will give you an idea of the damage you need to mitigate and indicate whether it was a generic, mass-produced attack or a specifically targeted one.
Once you have done this investigation, take all of your systems offline to contain the damage.
· Repair affected systems. You can use master disks to reinstall programs on your devices. Then, with the help of your consultant, find out where the gaps are in your security system. To prevent another attack from happening, use it as a learning experience to strengthen your protection. This will likely include educating your employees on what went wrong and what they can do in the future to prevent that from happening.
· Be honest, transparent and timely in your communication with your clients. Let them know what happened and what you are doing to fix it.