CYBER SECURITY | 10 MIN READ
With 4,000 businesses being hit by cyber-attacks every day, companies can no longer afford to assume they are too small to be a target. In fact, smaller companies are more often a target because their security is far simpler to hack into.
Figuring out how to protect your business from cyber-attacks while also managing all other business aspects can be overwhelming. The Internet can give you information overload, sometimes to the point where you don’t feel like your questions are being answered.
That’s why we decided to answer some frequently asked questions about cyber security so you can figure out what you need to do to protect your business and get back to running it.
RELATED: Equip Yourself: Network Protection
Simply put, firewalls virtually keep would-be intruders where they should be – outside your network. By putting up a virtual “wall” against inbound and outbound traffic, firewalls choose whether to allow or block certain traffic through. Firewalls serve as a good basis for building your network security.
Though good firewall hardware can prevent some spam/phishing emails from getting through, hackers use highly sophisticated methods that are likely to break through a firewall if it's the only source of security.
Use firewalls as a start to building your network security, but don’t stop there. Building a robust security framework helps provide multiple layers of protection to your network.
While firewalls are a good start to securing your network by controlling the ebb and flow of traffic, another good foundational way to secure your network is with anti-virus software. While firewalls control network traffic, anti-virus software sends you alerts when it finds potentially harmful files/programs.
Keep your machines virus-free by installing the latest security software and anti-virus protection. You should set your anti-virus software to run a scan after each update and install other key software updates as soon as they are available.
Basic anti-virus software is excellent for keeping out common forms of malware, but does little to thwart hacking attempts. Stronger forms of cyber security are necessary to achieve this level of protection.
Although both firewalls and anti-virus software help set a precedent for maintaining your network, a key way to holistically manage your network security is by hiring either an internal or external IT team to diligently monitor and address security threats.
Although installing anti-virus software is an effective way of scanning your network for security threats, another easy way to control the odds of a virus spreading across your network is to limit which employees have the ability to download files and programs on their work computers.
For instance, Google Chrome has a setting that allows a company to prevent someone using Chrome on a computer from downloading specific or any files.
There are some overlooked security risks that come from letting employees have free access to downloads.
For example, your sales reps might feel the need to download software they think would be helpful for their jobs. They might even want to download some music to listen to while they work.
If an employee does not follow Internet security best practices then they might accidentally download a virus onto their computer. Not to mention, it can be very difficult to spot a malicious link, and a virus that can compromise your entire network could have been uploaded innocently.
An overlooked security risk is employees allowing their children to use their work laptop at home. Children are known to download free games from unprotected websites that are littered with viruses or malware. The best cyber education of your employees cannot help if the same employees allow others to use their computers.
By limiting who has authority to download, you can significantly reduce the likelihood of an employee accidentally downloading unwanted malware.
This is a common concern of employers and employees of their devices. Keeping passwords secure becomes infinitely trickier when you and your employees have to keep up with passwords across multiple accounts and devices, and the result is often the use of the same password for every account.
A simple way to protect passwords is to ensure that you and your employees are using unique passwords that are changed every three months.
Additionally, encourage everyone to not use the same password they use for their personal accounts (like their personal email password). If anyone uses personal account passwords, that creates a door that hackers can come in through if they hack into any personal accounts.
Though this is the hardest rule to follow, encourage employees to not write down any company passwords anywhere, whether that be on a sticky note or in the Notes app on their phone. Writing down passwords leaves documentation that hackers can find and then use to gain access to your network.
To create a strong, unique password, include, capital and lowercase letters, use at least 8-10 characters, and include a number and symbol. A pro tip is to think of a phrase that you can remember, preferably not a personalized phrase, and turn that into a password with a string of seemingly random words.
For instance, your passphrase could be "Win cat 34 G0ogle". With this tip, you have non-personalized, hard-to-hack phrases that you can still easily remember!
Cyber security training that highlights best practices for keeping your data safe online is increasingly becoming an important aspect of employee instruction, especially for employees that aren’t tech-savvy. It is one of the most important factors in establishing and maintaining a secure company network.
You could have the most difficult to penetrate network in the world and your employees could render it ineffective with poor Internet practices. The employees of your company are its greatest asset… and unfortunately, its greatest liability.
READ: Why Your Employees Are Your Weakest Link
Having cyber security training for your company can educate everybody on Internet best practices, from how to detect spam emails to certain tactics to use when on Google to many more. Good cyber security training minimizes the risk of your other network security protocols being rendered ineffective.
Additionally, it decreases the likelihood that your employees will fall victim to cyber-attacks by opening spam or going to malware-infected websites. Establishing basic cyber security practices and policies helps make everybody aware of how to behave online.
As we adapt and create more sophisticated cyber security measures, hackers are finding new ways to break into your network. One of the ways they break into your network is through a method you may have overlooked - your Wi-Fi. Leaving your Wi-Fi unsecured is like keeping the backdoor to your home unlocked.
Luckily, there are multiple ways you can protect your Wi-Fi from a hacker. For starters, you can provide a separate guest network, which will minimize the chance of office visitors using the Wi-Fi to accidentally take an action that lets a hacker access your network. Many Wi-Fi providers allow you to set up two separate accounts, especially if you’re a business.
You can also hide your Wi-Fi network’s name so that the only people that can find the network are those who type in the correct name. This will keep hackers lingering close by your office from searching for and gaining access to your network through your Wi-Fi.
Are any work apps installed on any employees' work or personal phones? Are any texts, documents, or photos containing sensitive company information on any employees’ phones? Do any company passwords exist anywhere, for instance on the Notes app, on any employee’s phones?
If you answered "yes" (or possibly) to any of these questions, you are at a higher risk of having personal company information stolen when employees either don’t follow Internet best practices or are hacked.
Work and personal phones can create significant security risks. While employees might think to be more diligent about Internet safety on their work computers, they might not think as much about it while using the Internet on a phone. Use of work and personal phones can provide ample opportunity for hackers to gain access to personal company information.
If an employee must use any phone for work related functions, require them to use a password and encrypt their data. In addition, make sure there are procedures in place for when a device is lost or stolen, similar to if you were to lose a credit card.
Much of the discussion around cyber security revolves around company computers, to the point where other sources that pose company risks, such as company credit cards, can become overlooked. Have no fear though, because there are ways that you can protect your company credit card from hackers.
When using the card, make sure you work with your bank to ensure that the best validation tools are being used. Ensuring valid and stringent verification methods when making purchases helps to both protect against unwarranted purchases and identify hackers quicker.
Also, make sure to also use different company computers for processing payments and general use. If possible, have a separate computer whose sole purpose is for processing credit cards payments as well as holding other financial data.
This tactic minimizes the risk of a hacker accessing your credit card information through an employee that was performing other computer actions such as accessing virus-ridden websites and opening spam emails.
Avoid saving credit card information in your browser. This is a helpful tip for employees who have a company credit card but who may not be as careful as you. Saving a card to your browser is a convenience tool, and although a breach like this may be unlikely, it's still possible.
It’s hard to believe but hackers have gotten bold enough to simply walk into businesses and upload malware onto a business' network through a copier with a USB drive. Additionally, while outside cyber-attacks pose a threat to your company, the risk of an employee accessing and leaking sensitive information on other computers exists.
By creating user logins on all your workplace technology, including computers, you can avoid these pitfalls. Creating user logins provides an added layer of security that can stop somebody with bad intentions in their tracks.
It’s no secret that companies have treasure troves of sensitive information about everything from social security numbers to financial statements. This information can be valuable when it gets into the wrong hands.
To better protect this information, minimize employee information access so that everybody only has access to what they must have on a regular basis to do their job well. For instance, the HR manager should not have access to the financials and the CFO should not have access to employee health records.
Following this tactic helps limit the amount of information hackers can access when they break into your network. Additionally, in the unfortunate event that an employee decides to leak information, they won’t have access to all sensitive information.
Whether you decide to use a cloud-based system, server, or external hard-drive to store backed-up files, backing up files ensures that in the event of a cyber-attack or power failure, workflow disruption is minimized, and important files aren’t lost.
The best method for backing up files is to install a software that regularly backs up all data on company computers. At a minimum, data should be backed-up weekly, but if possible, schedule for your technology to back-up automatically.
Data that’s critical to your business includes electronic spreadsheets, databases, financial files, human resource files, and accounts receivable/payable files. Being proactive about data backups leaves your company and its sensitive files at an advantage in the event of a power failure.
All the above advice will provide your company a solid foundation with which to protect your network from hackers. While this list is lengthy, there are many other ways that you can further secure your network.
One of the best ways to truly and holistically secure your network is by hiring either an internal or external IT team to proactively monitor your network for security threats. IT professionals are well-versed in how to monitor and manage a company’s network and can work with you to build a comprehensive protection plan through sound maintenance and prevention practices.
IT professionals are great at universally monitoring your network because, while other individual security measures, such as anti-virus software, can only understand your network through the lens of itself, IT professionals can examine each security measure for strong points, weak points, and how each measure works together so they can best protect you.
The online world changes and updates so frequently that your company cannot afford to get left behind or be left un-protected. Use this article as a guideline toward establishing effective network security measures in your company today.
Want to Learn More?
Why Small Businesses Are More Prone to Cyber Attacks
Superior Solutions - for IT on a Budget
Phishing Tips: A Simple Guide to Avoiding Malicious Emails
Here's Why Your Employees Are A Major Security Risk
cybersecurity best practices