A Proactive Vs Reactive Approach
Did you know small businesses are targeted in 43 percent of cyberattacks and 58 percent of malware attacks? Too many small business owners fail to take proactive steps to protect against cyber dangers because they mistakenly believe their data is not valuable enough for cybercriminals to steal. They’re wrong. Small businesses are targeted for two reasons. First, they have more vulnerabilities that hackers can exploit. Second, small businesses often serve more attractive targets, such as large corporations. It’s up to you to identify best practices to protect your company.
Cybercriminals look for the weakest link on the value chain. Do you remember the Target breach in 2013? The company was hacked through its third-party HVAC vendor, and this year, Best Buy, Sears, Delta and several Fortune 500 firms were hacked through small, third party vendors. You don’t want your business to be the reason for a customer’s public relations nightmare.
You can’t stop your business from being targeted, but you can reduce the likelihood of a successful attack. The trick is to be proactive. Remember that cybercriminals tend to go for the easiest targets. By implementing a few straightforward guidelines into your own cybersecurity processes, you will become a less attractive target.
The most important policy to implement in your small business is for you and your personnel to change passwords regularly. Changing monthly would be best, but they should be changed at least every ninety days. Also, do not use the same password for multiple accounts. I know many of us dislike having to memorize a dozen passwords but resist the temptation to use the same password. Doing so makes your other accounts vulnerable. If you’re concerned about managing multiple accounts, there are great tools available to do this for you.
Email is another popular channel cybercriminals exploit to gain access to a network. Cybercriminals can make an email look like it’s coming from a different source, so you need to be vigilant. When you receive an email, look for information on the sending file. You can find out if it is authentic by hovering the mouse over the email link. Does it go to the site you would expect? Also, consider the entirety of the email. Were you expecting the email? If you weren’t, take a moment to reach out to the sender. Another way to identify a malicious email is to look for typos or awkward phrasing. When in doubt of an email’s authenticity, delete.
Policy As Prevention
Cybercriminals also use social media as a criminal tool, so having a policy is imperative to protecting your small business from cyberattacks. Social media creates a digital dossier, which can be used to identify your weaknesses. From socially engineered attacks to malicious backdoor links, cybercriminals have learned to optimize your social feed for their gain. Did you know there are reportedly 160,000 accounts hacked each day on Facebook alone? Think of how much information a person could learn about your business from your social accounts. From the names of your dog to the places you vacation, this information could be used to attack your business connections, defraud its identity, or find network weaknesses.
Several companies such as Hootsuite have guidelines that you can use to create a social media policy for your company that will cover how and what employees share on your company’s social pages. Social media is a great marketing tool if done safely.
There is no guarantee when it comes to preventing an attack, but being proactive will limit the likelihood of a successful breach.
By. Frank Huston
Frank Huston has over 30 years of Information Technology experience including, data center operations, managed service delivery, networking, and consulting. As Director, he currently manages operations for the Satcom Direct data center (SD Data Center) supporting both business aviation and non-business aviation customers.