Cyber criminals, hackers, and viruses… oh my!
Follow these tips to ensure your business is protected
There are three types of companies: those that have been hacked, those that will be hacked and those that have been hacked but don’t yet know it. News of Heartbleed and the variants of Cryptolocker have highlighted once again that cyber crime is on the rise and a very real threat for small business owners.
To make matters worse, hackers don’t have rules, regulations and compliance concerns like HIPAA, HITECH, PCI, or Sarbanes-Oxley, which means that small business owners must take an offensive position to security. Unfortunately, many business owners don’t seem to focus on network and system security until after they’ve experienced a compromise, been adversely affected, or lost data.
To truly protect your business from the increasing number of cyber threats, consider taking an offensive, layered approach to security and be diligent at all levels. Security starts at the front door and needs to be well designed through technology, but ultimately it must be monitored and audited regularly. Gone are the days when it was easy to say “we trust everyone” or “I don’t have anything anyone would want”. Even if these statements were true, your systems could be used to attack other companies or steal personal identification data, which could create great liabilities for you and your company.
What can you do to protect yourself from some of the threats out there today?
- Be deliberate about passwords and access. Make sure your staff changes passwords on a regular basis and require complex passwords. Deactivate user accounts for ex-employees. Change the default passwords for network devices such as routers, switches and Wireless Access Points. Limit remote access to critical servers and systems. Don’t use the same complex password across multiple accounts internally or on the web. Ensure that users don’t have administrator access to their workstations or laptops. Remember, viruses and spyware have access to the same data on the network that the current user does.
- Employ a layered security approach between your network and the Internet. This could include: a Unified Threat Management based firewall, URL filtering, third party spam filtering, encrypted email, an IPS (Intrusion Protection System) and a WAF (Web Application Filter).
- Have a separate computer or system for online banking and discuss banking security services, including account controls, with your commercial banker.
- Insist on routine vulnerability testing of your network and remediation as necessary. Make sure your company is using an advanced firewall. Be sure to keep your subscriptions and patching up-to-date.
- Make sure you educate users on what software they can use as well as what they should avoid clicking on. Better yet, implement advanced filters and anti-spam services to prevent your users from ever getting malware-infected emails.
- Keep your computer operating systems and main business line applications running on the most current and supported versions. Update your SSL certificates and application programming interface (API) keys. Replace any machines that are running Windows XP because Microsoft stopped providing security patches for this operating system in April 2014.
- Ensure you have a reliable, well-tested data backup and recovery system so that if you must restore, you can do so quickly and efficiently.
Suggestion: Talk with your security officer or IT Provider to ensure you are addressing these areas. The key to protecting your business is awareness, planning, protection and ongoing auditing before the cyber criminals knock on your business’ door.