6 Pro Tips That Will Help Protect Your Business from Cyber Attacks
Protecting your business from a potential cyber attack can feel like something futuristic — the type of security breach that only happens to large financial organizations or multi-national corporations. Unfortunately, businesses of all sizes are falling victim to these vicious attacks, which can cost hundreds of thousands of dollars and require weeks for your business to return to a fully operational mode. Small businesses are most often concerned about the loss of consumer data, but they should be considering the impact on their business operations. In the event of a significant attack, more than 60 percent of small businesses close their doors within six months.
Studies over the past 5 years show that more than half of small to mid-size businesses have already experienced a breach of some type: either an external intrusion, malware or loss of data due to human error. The instances of these malicious attacks are on the rise, causing business leaders to research ways to protect their business. While the threat is truly real, it can be difficult to prioritize cybersecurity when you balance the future potential of attack against the immediate technology needs of the organization. Protecting your business against infiltration by outside sources does require a concerted effort by your technology team and ongoing focus from leadership, but it can start with small wins that serve as building blocks for deeper security measures in the future. We recently spoke with several technology professionals whose jobs require them to stay up-to-date on the latest threats and how to counter them, and we put together this list of tips that will help you protect your business from cyber attacks.
1. Tighten Those Firewalls
Creating a secure environment for your staff members to do their job starts with ensuring that their activities on the web are fully protected — and that means firewalls and antivirus protection. According to Landon Futch, GM of Essential Solutions in Baton Rouge, “It’s imperative that your router is firewalled and has at least medium firewall rules applied to it,” as this can help reduce the possibility that individuals are able to gain access to sensitive information through everyday activities of staff members. Marcel Manning, Managing Director of NexgenTec, adds: “Also take a look at port forwarding and security rules and remove any rules that are no longer needed, as any open port poses a potential security threat.”
2. Institute Serious Password Security
Employees often consider passwords to be a waste of time — everyone uses the same simple passwords, right?!? Scott Ostergard, President and CEO of NT Connections in Reston, VA, notes: “The password to your email is king, and should be different than any other password you have and should never be reused.” He goes on to recommend having a secondary email address that you use for subscriptions, purchases or downloads because you can’t always trust the security level on various websites. Anthony Buonaspina, CEO and founder, LI Tech Advisors, advocates for testing your password strength by using tools such as https://howsecureismypassword.net and utilizing two-factor or multi-factor authentication on all websites.
3. Raise Cybersecurity Awareness Throughout the Organization
Ostergard advocates for creating a comprehensive training mentality around cybersecurity that permeates the organization. This could include everything from how to determine whether emails and websites are valid or spam to how to identify situations that could be problematic before they happen. Many businesses are finding their security breached simply because a staff member clicked on an appealing link in their email before fully vetting whether the link led to a trusted, secure website. Joe Cannatta of Techsperts, LLC agrees: the majority of serious threats originate from emails, which makes it especially important to fully train employees on the warning signs of a malicious email. Some of these warning signs include:
- Call to action emails that have a link requesting your username and password
- URLs in emails that point to unfamiliar websites
- Out of character emails from known senders that have links or attachments that you weren’t expecting
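
The first two warning signs can also be checked mechanically before a message reaches an inbox. The following Python sketch is an added example, not part of the original article or any vendor's product; the `TRUSTED_DOMAINS` list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains your staff normally receive links to (hypothetical list).
TRUSTED_DOMAINS = {"example.com", "example-bank.test"}
CREDENTIAL_WORDS = re.compile(
    r"\b(user\s?name|password|log\s?in|sign\s?in|verify your account)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects href targets and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_data(self, data):
        self.text.append(data)

def is_trusted(host):
    # Match the domain itself or a true subdomain, so that
    # "example.com.mail-update.test" does not pass as "example.com".
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def warning_signs(raw_email):
    """Return a list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    unfamiliar = [u for u in parser.links if not is_trusted(urlsplit(u).hostname)]
    findings = [f"unfamiliar link: {u}" for u in unfamiliar]
    if parser.links and CREDENTIAL_WORDS.search(" ".join(parser.text)):
        findings.append("link combined with a request for username/password")
    return findings

# Constructed sample message, not a real email.
SAMPLE = """\
From: IT Support <support@example.com>
Subject: Action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your mailbox is full. Confirm your username and password
<a href="http://example.com.mail-update.test/login">here</a>.</p>
"""

if __name__ == "__main__":
    for finding in warning_signs(SAMPLE):
        print(finding)
```

A check like this complements staff training rather than replacing it: the third warning sign, an out-of-character message from a known sender, still depends on a person noticing it.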
4. Create a Comprehensive Backup and Disaster Recovery Strategy
The LI Tech Advisors team also urges businesses to find a cloud-based backup that works for your business. Not all organizations have the same needs: some are perfectly fine with an hourly backup of data while others need assurance that every detail of their business is being recorded offsite in real time. Your IT managed services provider is a great resource to provide you with the questions that will help analyze the deeper needs of your business so you’re able to scope adequate backup and disaster recovery protection.
5. Apply Security Patches Immediately . . . Every Time
Security patches for major software packages are not something that can be added to a to-do list to be completed later — they may merit an all-hands-on-deck approach to ensure that your critical business systems stay protected at all times. Manning concurs, stating, “When a security patch is released, it should be applied immediately to prevent your software from being exploited due to a known vulnerability.” While small businesses may not always be the focus of bad actors, hackers who encounter barriers may be tempted to pass on your systems and move on to an easier target if known vulnerabilities have already been patched. Whether or not your cybersecurity is bulletproof, having critical patches applied in a timely manner can signal to hackers that you are more focused on protecting your organization, which can make your business less appealing for someone looking for an easy score.
6. Invest in Virus and Malware Protection (and Keep it Updated!)
Antivirus software is a multi-billion dollar business for very good reason: it helps provide a layer of protection for your organization’s sensitive business systems. Without this added boost, cyberattackers have easier access to your unprotected systems. If you’re unable to get paid virus protection on every system, at least invest the time in adding a free initial trial to your systems, activated as soon as you’re able. While not ideal, it can serve as a stop-gap measure until you can be more aggressive in adding protection to your computers. Don’t overlook interconnected systems such as servers and routers, either. These systems often serve as entry points for savvy cybercriminals who are looking for a weak point to infiltrate your system.
Creating a high level of cybersecurity throughout your organization will take an investment in time, energy and focus but pays significant dividends in the event of an attack. The majority of attacks are now web-based, but social engineering and malware attacks continue to be a serious threat to the security of your business systems and sensitive customer data. If your business is able to start small with your investment in cybersecurity and simply put password reviews and employee security training in place, that can help dramatically reduce the threat of human error while you’re putting stronger protection measures in place. While many business leaders continue to be concerned with the potential of a cybersecurity incident, taking proactive action is the best way to ensure that your business will survive a potentially devastating attack.