Your business is invaluable. You put in a lot of hard work towards the growth of your business and gaining customer trust.
One day you wake up early, as usual, dress up and rush to your office. When you start up your computer you notice something. Everything is frozen! The files you were working on don’t open. Panic, fear & frustration creep in. “I have a backup somewhere”, you remember. Unfortunately the backup copies were unencrypted and they are now infected and corrupt, thus unusable.
Losing your files isn’t the only problem. You keep your internet banking login details in an Excel file on your PC, also unencrypted! This gives the hacker access to your bank account, where he transfers 100,000 shillings to his scam account. This all happened within minutes.
A scenario like this will leave you with a lot of work to redo and might even impair your business. Hackers are out to get you. Rarely a day goes by that we don’t see news of a company, often a major company, getting hacked and its sensitive company data compromised. It serves as a reminder to everyone that security measures deserve constant evaluation. According to a nationwide study of small businesses done recently, 83 percent of small businesses have no formal cyber security plan, while 69 percent lack even an informal one. Meanwhile most of these businesses depend on the internet for daily operations.
Theft is not the only thing on the mind of a hacker: destruction is also a major motivator. Hackers may want to destroy all your records or just destroy your business’ reputation. Fortunately, there are things you can do to prevent being hacked. Even the most basic protection will discourage many hackers enough to make them go looking for easier pickings elsewhere. They are likelier to steal from people who leave their doors unlocked. So make yourself a difficult target and keep your business secure with these six steps:
1. Encrypt your data.
You HAVE to encrypt your vital business data. This includes your personal, employee & customer information. This will ensure your file safety. Even if the hacker gets access to the files, they will be useless to him since most modern encryption software offers high-grade protection for your data by using algorithms that generate virtually uncrackable ciphers. Anytime you store important data, when the data is at rest or is being transmitted over the internet, it needs to be encrypted.
Most operating systems come with full-disk encryption tools and it is recommended to turn these on. The Windows encryption feature is known as BitLocker, while on Mac it’s called FileVault. Activating these takes only a few minutes and once they are on, they will encrypt all files and programs on the drive.
Also, there are many other great encryption products out there that can solve your needs.
If you don’t encrypt your drives, a fiendish hacker can do it for you by breaking into your networks and encrypting your business data. Unfortunately, this will hold your company hostage and the hacker will, most probably, demand a ransom in exchange for the password. You definitely do not want this to happen!
2. Don’t store sensitive customer data.
There is little or no reason to keep sensitive customer records, especially credit card numbers, card verification value codes (CVV2) and expiration dates. Be sure to clear customer records from your system once you are done with their data or it is no longer needed for the business at hand. The risk of data violation supersedes the convenience for your customers. You will not be robbed if you have nothing to be stolen!
3. Secure your hardware.
Burglars often physically break into business premises and grab electronic equipment including servers, laptops and phones, which are, in turn, used to hack into the business database. With this access, the hacker can siphon funds through fraudulent accounts.
Make sure you have security alarms and motion detectors put in place. Physically locking down computers will make the burglar’s job tougher. Also, make network storage safer by keeping server rooms closed and under lock and key.
Finally, you can use tracking software for business laptops and other mobile electronics. The tracking firm can locate the machines if they go missing, leading you to the thief’s location.
4. Back up your data.
As earlier stated, it is not advisable to keep your customers’ confidential data, but sometimes there is data that you must keep for the business to run smoothly. First, according to privacy laws, your customers have the right to view the information you store about them, and you cannot honour that right if the original information gets compromised. Also, if your computer gets hacked or stolen, you can only bank on the backup copies for undisturbed business.
I recommend backing up your data on the cloud, instead of external hard disks which can easily get lost or stolen. But before you back up, ENCRYPT the data. The cloud is a much safer, very secure alternative that allows you to access your files anywhere, anytime.
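The "encrypt before you back up" advice from steps 1 and 4, as an added example that is not part of the original article. It assumes `tar` and OpenSSL 1.1.1 or later are installed; the function names and the passphrase-file convention are illustrative choices.

```shell
# Added example: encrypt a backup locally before it is copied to cloud storage.
set -eu
# Fail a pipeline if any stage fails, where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

# encrypt_backup SRC_DIR OUT_FILE PASSFILE
# Archives SRC_DIR, encrypts the stream with AES-256 (key derived with PBKDF2
# from the passphrase in PASSFILE) and records a SHA-256 digest of the result.
# The plaintext archive is never written to disk.
encrypt_backup() {
  local src="$1" out="$2" passfile="$3"
  tar -C "$src" -czf - . |
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
      -pass "file:$passfile" -out "$out"
  openssl dgst -sha256 -r "$out" | cut -d' ' -f1 > "$out.sha256"
}

# verify_backup ENC_FILE
# Succeeds only if the ciphertext still matches its recorded digest. This
# catches corruption; store the digest separately to also catch tampering.
verify_backup() {
  local enc="$1" now
  now=$(openssl dgst -sha256 -r "$enc" | cut -d' ' -f1)
  [ "$now" = "$(cat "$enc.sha256")" ]
}

# restore_backup ENC_FILE DEST_DIR PASSFILE
# Refuses to decrypt a file that fails verification.
restore_backup() {
  local enc="$1" dest="$2" passfile="$3"
  verify_backup "$enc" || { echo "digest mismatch: $enc" >&2; return 1; }
  mkdir -p "$dest"
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
    -pass "file:$passfile" -in "$enc" | tar -C "$dest" -xzf -
}
```

Only the `.enc` file should be uploaded; the passphrase file stays off the cloud account, and a test restore confirms the backup is usable before it is needed.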
5. Tighten network security
Wireless networks are prone to attacks. Most victims are harmed through Wi-Fi networks, via “wardriving” (the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer; source: Wikipedia). The best solution is to use wired networks. While they may be less versatile, they are more secure. If you must use Wi-Fi, the best practices are:
• Update to the latest encryption standard, WPA2, which has a much longer encryption key that makes it harder to break into. Enabling WEP will keep you at risk since it relies on an outdated, easily cracked algorithm.
• Create a strong password which contains capital letters, numbers and special characters. This will keep your data safer.
• Change the password frequently.
Finally, make sure you have a firewall protecting your network.
6. Train your employees
Many attacks occur when employees unintentionally and unknowingly hand over sensitive business information to a hacker. The hacker often presents himself as a respected person in need of information. Also, intrusion can come from a malicious link clicked while browsing the internet or sent to an employee via email.
Keep employees informed about threats by supplying them with best practices such as:
• Using strong passwords.
• Using secure networks while working remotely.
• How to look for and avoid malicious links.
Finally, every company should have a formal company internet policy, setting acceptable and prohibited online activities for employees.
Hiring an external expert can greatly improve your odds of averting an attack. Businesses can limit their exposure to cyber criminals by hiring a cyber-security specialist. A positive approach to cyber security can reduce the operational impact of cyber security policies and processes on your organization, mitigate the risk of disruption and revenue loss from cyber-attacks, protect and enhance your reputation, and potentially release cash from any contingent reserve or insurance policy.
About the Author
Anthony Mathenge is a tireless seeker of knowledge & blogger who writes for Systech Limited, a company that deals in ICT solutions ranging from Cyber-security, Software testing, Unified Communications & Software Integration.