Monday, 26 October 2015

Don’t Get Tricked by Cyber Attackers

Don’t Get Tricked by Cyber Attackers

Halloween, a day known for tricks and mischief (and also lots of treats!), is just a few days away. I’ve been thinking about the tricks thieves are using to steal information from small businesses.

The consequences of a thief tricking you or one of your employees into granting access to data or entrance to your building are obviously more serious than harmless Halloween tricks. Information loss – whether due to an employee’s innocent mistake or a natural disaster – can take a devastating toll.

Neither thieves nor Mother Nature discriminate by company size, so small business owners must thoroughly audit their cyber and physical security vulnerabilities and take steps to minimize the risks.

Attackers do not discriminate

A number of companies have suffered massive data breaches in recent years. Cyber attackers covet such sensitive information as IP addresses, financial statements, and personal employee information, and they don’t care where they get it.

Half of more than 650 small business owners surveyed for a recent National Small Business Association (NSBA) report suffered a cyber-attack, with 61 percent of those attacks taking place in the last 12 months. According to the NSBA, the cost of cyber-attacks is on the rise. Last year, one breach cost small businesses an average of more than $20,000, a substantial increase from the 2013 average of $8,699.

The traditional approach to cyber security is to harden the network and lock down PCs, laptops, and mobile devices with antivirus software. That strategy is proving ineffective as cyber attackers grow more sophisticated.

Threats inside and out

There are two basic types of cyber attackers: external and internal. The external actor penetrates a network and steals data to sell on the black market or to the victim’s competitors. They try to take advantage of weaknesses in human nature rather than technology flaws.

For example, a phishing attack is typically an email message that includes official-looking logos and appears to be genuine. When the end user follows the email’s instructions, he or she is directed to reveal sensitive or private information.

The internal actor can either be a “rogue insider” – a.k.a. the disgruntled employee – or a well-meaning employee who doesn’t follow security best practices, such as installing software patches. Basic software solutions, like internet browsers, have their fair share of security vulnerabilities that malware writers can exploit without the need to interact directly with the user.

Simple and inexpensive security precautions

I’m painting a pretty scary picture worthy of Halloween, but I also want to debunk the myth that cloud computing is inherently unsafe. Rest assured: any reputable cloud services or application provider takes the security of your data as seriously as you do.

Here are four key steps any small business can take immediately – and without a dedicated IT team or budget – to improve its security posture:

  1. Don’t ignore software patches. Make sure your business software has the latest updates, security patches, and bug fixes installed. You can set your software to update automatically. A key benefit of cloud-based software is you’ve always got the latest version installed.
  1. Install a small business software security solution that includes strong encryption capabilities. Work with a reputable vendor and integrator to find the best product for your needs.
  1. Educate your employees. Your employees are your greatest business strength and your biggest security vulnerability. Provide them with regular training so they know not to click on links in suspicious emails, download files from unfamiliar senders, or send sensitive company or financial information on public wireless networks.
  1. Implement a data backup and recovery system so you can restore data quickly and easily if you ever fall victim to an attack. Routinely save your data off-site on your own system or with a cloud backup service.

Implementing a backup and recovery system also protects you against damage or loss of physical infrastructure caused by a thief or natural disaster. The American Sustainable Business Council reports that 57 percent of small businesses have no disaster recovery plan. Creating a plan that will direct your efforts to get the business back up and running quickly should be as high on the priorities list as protecting against cyber-attacks.

These statistics and recommendations are meant to educate and guide your preparations, not frighten you. Protecting your information, systems, and employees doesn’t require a substantial investment in cyber security technologies, trained personnel, or expensive motion-sensing infrared cameras.

It does, however, require you to conduct a careful analysis of physical and cyber security vulnerabilities; address those vulnerabilities; and conduct regular audits and employee training sessions to ensure your company’s security position remains strong.

The post Don’t Get Tricked by Cyber Attackers appeared first on AllBusiness.com

The post Don’t Get Tricked by Cyber Attackers appeared first on AllBusiness.com.

No comments:

Post a Comment