2018 promises faster internet, increased connectivity, and unfortunately, more cyber-security threats as technology connects everything we do both on a business to personal level. This makes small enterprises soft target for hackers because they have more digital assets to target than an individual consumer, but less security than a larger enterprise. Another reason small enterprises are appealing targets is because hackers know these companies are less careful about security. They often underestimate their risk level, with 82% of small business owners saying they’re not targets for attacks, because they don’t have anything worth stealing.
Looking upon the statistics from January 2017 to June 2017, we see that in India, there have been more than 27,000 security threat incidents in both public and private organizations. Hackers have got plenty of attacking techniques up their sleeves including phishing, Denial of Service attacks, ransomware, malicious codes, etc. to attack businesses and steal sensitive information. Besides huge financial losses, such attacks cause reputational and operational disruption to businesses.
The end goal of a cyber-attack is to steal and exploit sensitive data, whether it’s customer credit-card information or a person’s credentials, which can be used to misuse the individual’s identity online. Let all this not daunt you because you can’t afford to lose time or money to hackers or a compromised net. Here’s an overview of everything you need to know to protect your business from data-scams, protect computers and networks and keep customers’ data safe. The steps outlined below reduce the chances of your enterprise becoming a victim of data-theft.
Internet of Things (IoT)
The real-time data collection is becoming important. Enterprises are acquiring IoT devices but these aren’t always secure as they create a potential backdoor into the organization. IoT comprises of dozens of devices that hide in plain sight from alarm systems, GPS, web cameras, HVAC to medical devices, such as pacemakers, and it’s impossible to identify which of these devices are connected to the internet. But since IoT devices lack built-in security, they are often easy targets for hackers. An automated program is used to locate IoT devices using the default admin credentials. This break-in is successful for the attacker because most users don’t change passwords often. Once in, hackers install malware, basically taking the system under their control.
Create strong, unique passwords
Your staff must create strong, unique passwords — comprising of upper- and lowercase letters, numbers and symbols — which must be changed every 60 to 90 days. There should be a password for every device used from a laptop, desktop to mobile phones. Research states that, 65% of small enterprises do have a password policy but this is not strictly enforced. We advise, your staff to set up two-factor authentication which is a two-step sign-in process adding another layer of security. Staff will then need access to another device or code to complete the sign-in process. If your staff use mobile phones make sure they use updated apps, including a security app.
Update your devices
You should regularly update your computers, including desktops, laptops, and mobile devices because an outdated computer is more prone to crashes, security holes and cyber-attacks than one which is protected. The importance of security patches is evident from the massive data breach that happened at Equifax, one of the biggest credit bureaus in the U.S., in July 2017. The attackers entered the systems of the company through an application vulnerability which led to data exposure of about 143 million people.
The operating systems and web browsers must be up to date to protect against the latest threats. Regularly check for new versions of software, including security software. Any software that’s stored on your computer will need updates. Cloud software should be automatically updated by the provider.
Educate your employees
The best thing you can do for your business is to have a security-first mentality. Don’t presume that you are exempted from falling victim to a data-theft breach because of the small size of your enterprise. Create awareness among your staff of the ways hackers can infiltrate your systems. Teach them to recognize signs of a breach, and educate them on how to stay safe.
Regularly backup the information on computers or laptop so any information compromised or lost during a breach can easily be recovered. You must have encryption software and passwords to protect sensitive data such as employee records, client/customer information and financial statements; and two-step authentication or password-security software for their internal programs to reduce the likelihood of password hacking.
Unauthorized people should not have access to company computers or laptop. Have individual logins for employees whenever possible. This can help you limit the privileges of employees and they shouldn’t share information\password of their accounts.
Secure Your WiFi
Your business’s WiFi can be an easy way to access data. Secure your WiFi so only employees can access it. If possible, set up the WiFi in a way that prevents employees from knowing the password. If you want an open WiFi for customers to use, set up a separate network. Guests should not have the same WiFi access as employees. This will help prevent unwanted people from joining the business WiFi and accessing files.
Cyber-security insurance is must to help you recoup losses or legal fees associated with a data breach, so a separate policy covering these types of damages can be hugely helpful in case of an attack. Many insurance carriers are beginning to offer tailor-made coverage for smaller companies to meet their budgets and risk-exposure levels. Look for a combination of first- and third-party coverage. First-party liability coverage includes any general costs incurred as a result of a breach, such as legal expertise, public relations campaigns, customer notification and business interruption. Third-party coverage protects you, if your company is at the center of a breach that exposed sensitive information. This type of protection covers defence costs if the affected parties sue your company.