If you own a small business, you may be worried about your sensitive data being lost in a cyber attack. Fortunately, these nine tips can help you protect it.
By Sheza Gary
Cyber attacks are on the rise, especially in countries that have been identified as ideal targets due to the amount of financial information businesses in those countries store. The UK, Japan, and the U.S. are among the most commonly targeted countries because hackers can steal a large amount of financial information and make a lot of money by attacking businesses. Even small businesses are often targeted. In fact, small businesses are often the first targets because cyber terrorists assume they do not have much security in place. If you want to protect yourself from these cyber attacks, here are nine useful methods you should employ.
1. Bring in an Expert
Having a security expert on your staff or under contract is the first thing you should do. Having someone who not only understands cyber security but also focuses on security as their job will help prepare your business for one of these attacks. These security consultants will test your system by trying to hack it. Once they have found your weak points, they will help you improve your security in those areas. They will also keep up with the latest hacking methods and try attacking your system periodically to make sure it can withstand these new methods.
2. Have a Back-Up
If your security is breached and your data deleted, do you have it backed up somewhere? This seems like a fairly obvious thing to do, but many small businesses never think about what they would do if they lost all of their information. Make sure all of your vital data is backed up on a regular basis, and if you have the storage space, backup non-vital information, too. You can use a cloud to backup all of your data fairly quickly, easily, and inexpensively.
3. Watch your Competitors
If a competitor or any other business has been hacked and lost private data, watch how they handle the situation. See what they do right and what they do wrong, and then incorporate this information into your own cyber-defenses and response plans. If you see a company handle a data breach horribly, make certain you’re not going to repeat those mistakes yourself.
4. Train your Employees
Your employees need to know how to protect your system from a cyber attack and what to do when one occurs. Only a little over half of all the small and medium-sized businesses in the U.S. actually train their employees on cyber attacks. Without this training, it’s very possible the next cyber attack that hits your company will come through an employee’s lack security measures. Your team (including you and your senior management) must know how to do everything from create strong passwords to using a VPN to protect information when using public Wi-Fi.
5. Install Network Intrusion Prevention and Detection System
In order to better monitor your system, you need to install intrusion protection software such as Snort. This software will alert you when someone is trying to access areas of your network they do not have clearance for. It can also automatically respond to threats, so even if it’s late at night and no one is in the office, your system is still protected. Intrusion prevention will take note of user accounts that frequently try to access data they shouldn’t, which can be a sign that an account has been compromised.
6. Use Strong Passwords
Your employees should all be trained in how to create and use strong passwords that are at least six characters long and use upper and lowercase letters, numbers, and symbols. These passwords should ideally contain a minimum of one of each of these four types of characters, and while six characters long is an acceptable minimum, passwords really should be eight or ten characters long.
7. Have Dedicated Banking Computers
As a small business, you may be limited on how much equipment you have. However, if you can set aside a computer to be your dedicated financial machine, you’ll greatly improve your security. That’s because if you use the same computer to handle financial transactions as you do for your social media marketing, email, and other tasks, you’re opening that computer up to viruses and attacks. Being online puts your computer at risk, so if you have a system that only uses the internet to submit financial data and other secure information, there will be less chance of it being hacked.
Note, however, that you have to remain dedicated to keeping this computer as a financial transactions only computer. You can’t start using it for other things or the risk of it being hacked increases. Also make sure only employees who are allowed to handle banking tasks are using this computer. Having others get on it for any other reason increases the risk, too.
8. Encrypt all Sensitive Data
Any information you send online, whether it’s over the internet, through email, or through any kind of messaging tool, must be encrypted. This protects all of your information from being decoded and used against you and your customers. Even if you save that information to a flash drive or other type of removable storage, it should be encrypted so that the drive itself is fairly useless if it’s stolen or lost.
9. Prepare for the Worst
Finally, you’ve got to be ready for a cyber attack that your system cannot prevent. It’s almost inevitable that it will happen simply because hackers are continually coming up with new ways of breaching systems, and you can’t be always be prepared for every single method they use, especially the ones that are brand new.
That means you need to have a disaster recovery plan and response to the attack. You need to have a plan for getting your business back up and running, getting your employees access to the data they need, and responding to the media and your customers. It’s important that you secure your servers as quickly as possible so you can start determining what was hacked and what you need to report to the media.
Sheza Gary has been a Project Strategist since 2009 and also involved in the launching of startups n tech companies in New York for over 5 years. She has keen interest in writing her own experiences about business plans and upcoming business supporting technologies. Follow her on Twitter & Google+.