One of my favorite movies of the 1980s is “WarGames,” in which a teenage hacker, played by Matthew Broderick, accidentally activates a nuclear defense computer program named ‘Joshua.’ The program contemplates launching the US’s arsenal of nuclear weapons in a preemptive strike against the Soviet Union. With the computer seizing the missile codes, the military officers at NORAD attempt to simply turn the system off to prevent the incursion. When they reboot, Joshua starts right back up again.
Cyber attacks today are just like Joshua – you can’t simply turn off the system and make the threat disappear. But you can build preventative measures into your business’s infrastructure to vastly lower the chance of a cyber attack against your business. Let’s take a deeper dive into those practices after exploring the modern world of the cyber attack.
Cyber Attack Statistics
In 2016, cyber attacks cost the global economy a record $450 billion. That number seems enormous until you realize the same survey predicts that figure will top $2 trillion by 2019 – an increase of 344% in just three years’ time.
It’s not just random outside hackers that most industries have to worry about: last year, 56% of attacks on the financial industry and a staggering 71% of attacks on the healthcare industry were inside jobs. Symantec estimates that 3 out of every 4 websites have an unpatched vulnerability right now. That means that the hacker doesn’t have to pick the lock or disable the alarm – a window is already open, and the hacker just has to find it.
If you’re thinking attacks are only a problem for big businesses that have massive stores of precious personal data, think again. Hackers will go after small businesses because they believe them to be easy prey with weaker security systems. In fact, 60% of small businesses are no longer in business within six months of a cyber attack because they aren’t prepared to deal with the repercussions.
So what can you do to prevent cyber attacks and avoid the messy cleanup of a cyber attack’s aftermath? Here are five smart ways to spend your IT budget that will go a long way towards keeping your company safer.
Enact an Internal Use Policy
Between BYOD (Bring Your Own Device) policies in the office, laptops for employees who travel, remote access, and more, a company can have great difficulty tracking who has access to sensitive infrastructure and ensuring that employees are careful about how they access that infrastructure. To create a means of governance over your company’s data and processes, consider drawing up an internal use policy and having employees sign it as part of their contracts. You can stipulate anything from what personal devices can be used in the office to which employees have access to what data. To further strengthen the internal use policy, specify under what circumstances certain parts of the system can be accessed: for example, customer personal data can only be used for marketing and advertising research, not for employees to scan through when they’re bored on their lunch hour. This policy will not only give your employees a very clear path to follow but also give you a means of holding wrongdoers accountable when the need arises to discipline, suspend or terminate an employee who breaks these rules.
The Almighty Password
While a password based on the date of your wedding anniversary or a combination of your kids’ first names plus the years they were born is easy to remember, it’s also what hackers are counting on: passwords that are easy to guess and don’t change often. The best passwords contain a mixture of different character classes, both lower and uppercase letters, and are words or phrases that don’t exist in real life. Don’t be the person who gets hacked because your entry point has been “Password1” all this time. It’s a lot tougher to make your employees resolute about their passwords than to remember to change your own, so consider a mandatory failsafe such as a screen, shown every 60-90 days, that bars them from accessing the system until their password is changed. Any time an employee is suspended or terminated from the company, ensure that their account is automatically locked down. Lastly, commit your password to memory every time you change it. Never write it down on paper, no matter how secure a location you think you’re keeping it in.
A Cloud-y Forecast
If a thief comes looking for your valuables while you’re on vacation, what’s the only 100% guaranteed way to ensure he doesn’t walk off with them? By keeping them somewhere else, of course.
When you move your business’s infrastructure and data stores into a cloud computing environment, you slam the door on many tactics that cybercriminals use to access your company’s data. Cloud computing companies’ reputations are based on their ability to keep your company’s data and infrastructure safe and secure, and they have experts online every second of the year watching for cyber attacks through the use of intrusion detection systems. This sort of security outstrips a firewall or virus detection software because it is on the prowl for attacks from both inside and outside the system. Additionally, cloud computing appeals to small businesses that don’t have the necessary funds to purchase the security packages and server farms needed to provide high-end protection.
Just like we tell our kids not to open the door for strangers, we must be extremely vigilant when it comes to letting trouble through our company’s front door – email accounts. Email is so familiar and so much a part of our lives that it’s easy to be fooled by messages that seem legitimate but really aren’t. When employees are aware that their company uses a spam filter for email, they often misinterpret this security measure as an assurance that everything appearing in their inbox has passed the spam test and is safe to open.
Ego is something that very rarely gets discussed when it comes to being fooled by emails. When you’re a small business owner, nothing is more exciting than seeing an email come across your server that suggests someone wants to do business with you or wants to buy from you. “Too good to be true” emails have sucked in thousands of small business owners eager to get that first taste of profit.
The three smartest ways to avoid the cyber attack practice of phishing via email are:
- Don’t click on links in emails: Hackers can easily imitate the look of a well-known website’s email template and embed links that send you to nefarious websites. Even if it’s a company you know, take the time to visit the website directly (not through the provided link), log in, and access the intended linked information.
- Never open attachments: With the emergence of sites like Google Drive, Dropbox, and so on, attachments are slowly becoming outmoded. When you see one attached to an email from a supposed business, a red flag should go up in your head; question the intent of such an attachment.
- Don’t give out personal information over email or via phone unless you’re 100% sure of who you’re talking to. Your personal information and that of your employees are worth big money on the open market, where they can be translated into any number of illegal schemes. Be particularly wary of hackers who will attempt to overcome your bias by providing some of your personal information in their initial contact – like your name and the company name – in an effort to get you to send them more.
Preventing cyber attacks might seem like a task outside your technical skill set, but the proper application of security basics combined with safeguarding your company inside a cloud hosting environment can dramatically lower the risk of your business coming under siege.