In all the movies, hackers are always portrayed as slightly glamorous if subversive mavericks, pounding away loudly on keyboards, breaking into mainframe computers and finding backdoors into systems, usually to stop some dangerous threat.
The reality, of course, is very different. Hackers are criminals rather than heroes, and often very successful ones, usually stealing data and personal information, installing viruses or simply destroying information for the sake of it. According to the Center for Strategic and International Studies, cybercrime and cyber spying cost the US economy $100bn a year and the global economy about $300bn annually.
Big attacks by hackers make the headlines around the world. Just think of the damage done to Sony Pictures in 2014, when hackers stole and released personal information and emails belonging to executives, or of JP Morgan Chase, which lost the names, addresses, phone numbers and email addresses of 83 million account holders to hackers.
But the truth is that while attacks on big companies make the news, it is small and medium businesses that are most at risk of malicious attack, not because their data is any more valuable but because it is often so poorly protected. A report from software security company McAfee found that in the US nearly 90% of companies don’t have any data protection for company and customer information. What’s more, fewer than half of companies secure their company mail to stop phishing scams. Symantec conducted a study that showed three out of every five cyber attacks were on small businesses. And many of these businesses don’t have the financial resources to survive a serious data breach.
What’s more, if it is clear your company hasn’t taken reasonable measures to secure customer information or didn’t properly notify customers of a breach in your systems, you run the risk of being sued by rightfully angry clients. If financial data is lost, your liability to credit card companies or banks in connection with fraudulent purchases, refunds or card re-issues could be huge and put your company at risk. If you are dealing with sensitive financial information, it is worth buying cyber liability insurance to mitigate any losses, such as notification costs and regulatory compliance, associated with a breach of your IT networks.
But, of course, it’s wiser to stay safe in the first place and put measures in place to stay protected from hackers and online scammers.
One of the best ways to do this, especially for business owners who are short of time, is to outsource some security tasks by engaging with managed service providers. But there are certain other measures you can put in place to reduce risk. It seems that some 80% of security-related incidents occur as a result of employee behavior. You need to make sure your staff are aware of the risks. After all, they will be spending much of the day online, and you need to make sure that they are not accessing websites that will put your data at risk. You need a clear picture of what transactions are occurring internally and externally on your company networks. You need to conduct a cyber-risk assessment and analyze the data from your employees and customers. You then have to look at how you are protecting that information. The basic measures you should put in place are:
Firewalls are essential. If you’ve not got one installed, do it today, and if you have one, make sure it’s updated. A spam filter will also help ensure that malware does not make it into your network or servers in the first place.
You need to invest in antivirus protection and make sure it is constantly updated to detect and delete any threats that make it into your networks. Hackers are constantly updating and rewriting their malware programs so it pays to always have the latest protection.
Make sure your operating systems are updated and patched. Leaving this till later puts you at risk.
Only download software from sites you trust. Make sure you read reviews and do research before you install anything you are not sure about.
Change your passwords often. This advice is probably the most important when it comes to protecting your networks but very few people seem to follow it. Make passwords complex and update them every few months. A mix of upper and lower case letters, numbers and symbols works best.
Educate your employees. Your staff need to know as much as the boss when it comes to new threats, internet safety guidelines, and what they should do if they lose vital information or suspect that malware is on their computer.
Have a plan in place – when security is breached you need to know how to tackle it. Identify your most critical resources, invest in good backup solutions for archiving your files and run frequent tests. And don’t forget to implement encryption technology on computers and removable media like flash drives to prevent unauthorized access to your confidential business information.