As the owner of a small or medium-sized company, you probably have invested a lot in the physical security of your work space. But there is another kind of threat that could be right in the middle of your operation.
Cyber attacks on small and medium-sized companies are increasingly common. In fact, 43% of all cyber attacks are aimed at small businesses, according to a study by the company Symantec.
When a hacker attacks a small or medium-sized company, it is usually to steal sensitive data (such as information on credit cards or personal information that can be used for identity theft), to access the resources of a specific system (such as a directory) or to demand payment in exchange for encrypted information (what is known as ransomware), according to a white paper by the SANS Institute.
As if the day-to-day challenges of operating your business were not enough, you must now also consider these forms of attack, which can be attempted through phishing (usually via e-mail), social engineering and web-based attacks that insert malicious code. But there is a way to be proactive in the face of this uncertain landscape. The first thing you must do is carry out a risk analysis to identify your business’s assets and resources, because criminals probably also consider them valuable, said Jose Arroyo Cruz, vice president of Obsidis Consortia Org and cyber operator for the National Guard. Once you determine what you need to safeguard, you can outline a plan of preventive measures to take.
- Establish rules on appropriate use of technology with your working team
Signing a document is not enough. You should have a conversation about why digital security is important, not just for the business, but for everyone.
Arroyo suggests that clear policies must be established for the proper use of the Internet, e-mail, computers, cell phones, tablets and security cameras at work.
Some tips from the National Cyber Security Alliance are:
- Determine which programs can be downloaded or accessed from the work computer and which ones cannot.
- Use strong passwords that are different for each service.
- Do not open unknown e-mails, messages, posts or attached files.
- Do not use personal pen drives or hard drives at work.
- Install and periodically update anti-virus programs
The federal Small Business Administration suggests that all of a business’s or company’s computers should be equipped with anti-virus and anti-spyware programs. The SBA recommends configuring the programs for automatic updates to address new vulnerabilities in the systems.
Digital Trends listed the best programs for protecting electronic equipment from threats: Avast!, Comodo, Sophos Home, 360 Total Security Essential, Malwarebytes Anti-Malware Free, Bitdefender Antivirus Free Edition and SpyBot Search & Destroy.
- Develop safe practices for managing confidential information
Establishing an appropriate management protocol for confidential documents and for data that is sensitive to the operation of the business is essential. It helps keep privileged information from falling into the wrong hands, which can happen through means other than cyber attacks.
First, you should catalog the types of data that you have in your business. The Federal Communications Commission (FCC) lists some kinds of valuable information:
- Customer payment card transactions.
- Customer addresses and e-mail addresses.
- Customer service information.
- Medical records on patients or employees.
- Employee payroll records.
- Personal financial statements and business records.
- Marketing plans.
- Product designs and development plans.
- Legal, fiscal and financial correspondence.
You already have the data, so now it’s up to you to protect it. To do that, Arroyo recommends encrypting data and establishing access levels for all employees, depending on their roles and the information they must access. The FCC offers detailed methods on how to implement these access restrictions.
- Protect the networks from intrusion by third parties
Make it a priority to protect the networks you use to access the internet by using a firewall, encrypting digital traffic with a VPN, creating secure passwords with two-step verification or hiding the network. If you offer Wi-Fi that is open to the public, be sure it is separate from the business’s internal networks.
- Establish a schedule of backups
Be sure to have a Plan B when you safeguard your important documents. First, encrypt the data with programs such as PGP or GnuPG, the FCC suggests. Then, make periodic backups using cloud storage and external memory that has security tools, to keep your information three times safe, said Arroyo.
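The routine described above (encrypt with GnuPG, then keep copies in two places), as an added example that is not part of the original article. It assumes GnuPG 2.1 or later, a passphrase file, and two directories standing in for a cloud-synced folder and an external drive; the function names are hypothetical.

```shell
# Added example, not from the article. Assumptions: GnuPG 2.1+ is installed,
# symmetric AES256 with a passphrase file is used for simplicity, and DEST1 and
# DEST2 stand in for a cloud-synced folder and an external drive.

# Run gpg non-interactively with a throwaway home directory.
gpg_batch() {
  h=$1; pf=$2; shift 2
  gpg --homedir "$h" --batch --yes --quiet --pinentry-mode loopback \
      --passphrase-file "$pf" "$@"
}

# encrypted_backup SRC_DIR PASSPHRASE_FILE DEST1 DEST2
# Prints the archive name on success, returns non-zero on any failure.
encrypted_backup() {
  src=$1; passfile=$2; dest1=$3; dest2=$4
  [ -d "$src" ] && [ -r "$passfile" ] || return 1
  work=$(mktemp -d) || return 1
  mkdir -m 700 "$work/gnupg"
  name="backup-$(date +%Y%m%d-%H%M%S).tar.gz.gpg"
  rc=0
  # Encrypt before anything leaves the machine: tar streams straight into gpg,
  # so no plaintext archive is written to disk.
  tar -C "$src" -czf - . |
    gpg_batch "$work/gnupg" "$passfile" --symmetric --cipher-algo AES256 \
      -o "$work/$name" || rc=1
  # Prove the archive can be decrypted and listed before trusting it.
  [ $rc -eq 0 ] && { gpg_batch "$work/gnupg" "$passfile" --decrypt "$work/$name" |
    tar -tzf - >/dev/null || rc=1; }
  # Two extra copies, each compared byte for byte with the verified archive.
  for d in "$dest1" "$dest2"; do
    [ $rc -eq 0 ] || break
    cp "$work/$name" "$d/$name" && cmp -s "$work/$name" "$d/$name" || rc=1
  done
  rm -rf "$work"
  [ $rc -eq 0 ] && printf '%s\n' "$name"
  return $rc
}

# restore_backup ARCHIVE PASSPHRASE_FILE TARGET_DIR
restore_backup() {
  rhome=$(mktemp -d) || return 1
  mkdir -p "$3"
  rc=0
  gpg_batch "$rhome" "$2" --decrypt "$1" | tar -C "$3" -xzf - || rc=1
  rm -rf "$rhome"
  return $rc
}
```

Store the passphrase file away from both backup destinations, and run `restore_backup` against a scratch directory from time to time so you know the copies can actually be recovered.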
Ensuring that your business is ready before a cyber attack happens is a priority when determining the needs of your operation. Keep up to date with cyber security trends and emerging threats to ensure the success of your operation.