Cyber security is important for companies of all sizes. It is not just large multinational companies in the news, like Target and Home Depot, that are at risk of cyber attacks. Some research indicates that as many as 50% of small and midsized businesses have had their networks invaded in the past 12 months. Your network may have been attacked without you even being aware of the intrusion.
Small and midsized businesses are ideal targets for network hackers since they have more digital assets than individuals but far less security than the larger companies that have full-time IT staff dedicated to protecting their sensitive data. Cyber attackers know that small to midsized companies do not have the resources to focus on protecting their data, while the at-risk information is just as valuable to them as the data that is stored at large companies.
Most small businesses believe that they are not at risk because they do not have any information that would be of value to cyber thieves. In fact, cyber attackers are seeking any personal information (e.g. name, address, phone number, credit card number, social security number, driver’s license number) that can be used to impersonate an individual during electronic transactions that do not involve a face-to-face interaction. If your business has any databases, files or information with customer, employee or financial information, you have data that would be of value to cyber attackers.
Types of Cyberattacks
- Advanced Persistent Threats (APT) are brief break-ins that occur in phases over a period of time in an attempt to avoid detection.
- Distributed Denial of Service (DDoS) is an intentional overload of a network designed to shut down the network or website.
- Inside Attacks occur when someone working for the company with administrative access to confidential or sensitive data removes the information for ulterior motives. This often happens with disgruntled employees, and many companies do not have an established, effective procedure for revoking access privileges from a departed employee and determining if they have removed any sensitive data.
- Malicious Software (or malware) is a program that is introduced into a target network or computer to gain external access or inflict damage on the system that would require repair.
- Password Attacks can occur when a hacker guesses passwords until one works, sometimes using a dictionary program that continuously tries different dictionary word combinations. Another approach is keylogging, which traces the user’s keystrokes to determine sensitive information such as IDs and passwords.
What action steps can be taken against cyber attacks?
- Firewall – In order to combat cyber attacks, security software such as antivirus applications can be installed on networks and individual devices. Firewalls in the form of software or hardware can be installed on servers, routers, and devices to establish a layer of defense that keeps unauthorized users from entering the network.
- Data Protection – Sensitive data can be protected by encrypting the information, developing password security and implementing two-step authentication to further protect passwords and login information.
- Data Backup – Establish regularly scheduled backups of data so that anything damaged during an intrusion can be recovered from the backup location.
- Insurance – Investigate business insurance coverage since standard business insurance often does include cyber security coverage. This extended coverage could provide financial support for the data recovery process, legal fees, implementation of a public relations and custom notification campaign and business interruption compensation.
What are your next steps to combat cyber attacks?
- Policies & Procedures – Establish companywide policies and procedures for cyber security and have someone at the company responsible for enforcing the established protocols.
- Update Software – Keep software up to date since software developers are constantly updating their software including security measures to deal with known and anticipated hacking.
- Employee Education – Educate your employees about the security measures and known ways that outside hackers may be attempting to access your network. They should also be made aware of what to look for and who to notify if they notice unusual activity when using their devices.
- Review Procedures – Review and practice your security and backup plan periodically to ensure that security measures are being implemented and monitored and are correctly addressing cyber attacks.
Taking all of these steps will not guarantee that your network will not be targeted by cyber thieves, but similar to a security alarm it may deter them from attempting to enter your system and also have you prepared to deal with the consequences of a data breach or network failure without a major interruption to your business.
As cyber security hacks have become prominent in the news, certain industries such as healthcare, finance, and insurance have increasingly added detailed security requirements for these regulated businesses to take progressive steps to protect their data. Even if you are not in an industry that currently requires strict protection of company data, it is wise to explore cyber security measures to protect payroll, bookkeeping, credit card transactions and any customer interaction information that is a vital part of your business.
All companies are different and there is no one plan that will work for all businesses. Global Link Communications can provide a comprehensive cyber protection plan that is designed specifically for your business. Contact Robert Sidky (215-485-4003; email@example.com) for a free, no-obligation evaluation of the data security risk that your business faces and to explore the best approach to dealing with the risk.