You, the CEO of a small business, are under attack. Right now, extremely dangerous and well-funded cyber-crime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards and client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses.Take the recent Facebook attack that is making the news – and that’s just one of many examples that are happening on a scary, frequent basis
Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.
In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cyber-crime in the last year – and that number is growing rapidly as more businesses utilize cloud computing and mobile devices, and store more information online. Quite simply, most small businesses are low-hanging fruit to hackers due to their lack of adequate security systems – which is what prompted this urgent post to all of you.
There are a few simple things you need to be doing on a consistent basis to avoid being the next statistic:
- Keep Your Network Up-To-Date. New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.
- Have An Excellent Backup. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
- Don’t Scrimp On A Good Firewall. A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network. This too should be done by your IT person or company as part of their regular, routine maintenance.
- Don’t allow employees to download unauthorized software or files. One of the fastest ways cyber-criminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. This can largely be prevented with a good firewall and employee training and monitoring.
- Require STRONG passwords and passcodes to lock mobile devices. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.
- Train Employees On Security Best Practices. The #1 vulnerability for business networks are the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust). If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.
- Create An Acceptable Use Policy (AUP) – And Enforce It! An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
Want Help In Implementing These 7 Essentials? If you are concerned about employees and the dangers of cyber-criminals gaining access to your network, then call us about how we can implement a managed security plan for your business.
At no cost or obligation, we’ll send one of our security consultants and a senior, certified technician to your office to conduct a free Security And Backup Audit of your company’s overall network health.