Cyber attacks have become almost a modern form of warfare. They happen daily with millions of people affected. There are numerous reasons why you don’t want a security breach, and they can range from:
- Reputation loss.
- Potential revenue loss.
- Insecure proprietary and personal data loss.
It can be complicated to put a price on the loss of valuable information. This is data that you have accumulated through time, effort and money. Any cyber attack can be detrimental for your business whether it is big or small. One of the largest security violations of 2013 was the Target breach. It affected 40 million customers and left they, as well as everyone else, questioning the safety of their online, credit and debit purchases. Many lessons can be learned from this tragic incident.
Where Do You Start?
Studies reveal that over 30 percent of corporations are ill prepared to defend themselves against an unforeseen security breach. Here are some statistics that may appear chilling:
- 3 in 4 Americans have experienced or will experience a cyber crime.
- Within the past year, 90 percent of businesses have been subject to a hack.
- 77 percent of companies were cyber attacked more than once.
- Over $1 trillion of intellectual property has been lost or stolen.
- One group infringed upon over 100 universities.
It is crucial to figure out what needs protecting. Understand what sensitive data is being maintained and where. If anything is being stored unnecessarily, have it eradicated securely and immediately.
Purchase Cyber Liability Insurance
A study completed by the Chubb Group of Insurance Companies shows that 65 percent of companies go without cyber liability insurance. This is even though the majority of them view cyber breaches as their top worry. Additionally, this doesn’t just affect large corporations. The U.S. Secret Service has found that 72 percent of cyber risks have reached small-to-midsized businesses. Only 35 percent of companies actually purchase cyber liability insurance. It is mainly because many businesses haven’t yet heard of it. But with the consistent increase in breaches, more businesses are looking into this form of protection. Standard liability policies do not cover a cyber attack. If you need help deciding, these facts may push you forward:
- Six out of 10 business owners believe a data breach would compromise client relationships.
- 38 percent of business owners would have a poor view of companies that respond inadequately to breaches.
- 71 percent of business rely on the Internet for everyday operations.
The first and easiest place to start is with password protection. Many security breaches can be traced back to weak and insecure passwords. First and foremost, they should be encrypted. Next, they should be changed regularly. A strong password should be between 10-12 characters with upper and lowercase letters in addition to symbols and numbers. If you would prefer to use just letters, stick to 20. Microsoft has a free password checker to verify the strength of your passwords. If you have a multitude of apps, laptops, tablets and servers to manage, there are password software solutions available to help. Furthermore, make sure to steer clear of these five passwords:
Safeguard Susceptible Data
When you encrypt your data, this means no one can read it except for you or the intended end user. If someone decides to steal your computer or hardware, that may cause another loss. The good news is there are tools to enable full disk encryption. Utilize triple redundancy in the event you ever lose the key. When it comes to Internet traffic, you can protect it with VPNs. Virtual Private Networks essentially create a secret tunnel for moving messages. Attempts can be made to access the transmitted data, but it will still be safe. Your cloud storage provider may already encrypt your data, however, for extra security, you can add an extra layer of encryption. A tool such as TrueCrypt or similar works well if you use a service like DropBox.
Implement a Strict BYOD Policy
Data is most sensitive when it is in a state of transfer. Especially if it is sent to insecure devices or email accounts. When files are synchronized from the corporate network to a mobile device, a hole can be created through the security fabric and leave it open to hackers. These are some suggestions to help prevent that from happening:
- Transfer your security policies for your web applications to your mobile devices.
- Set clear rules for which types of devices you are able to support.
- Ensure employees thoroughly understand all expectations.
- Create a list of apps that are completely off limits.
- Make PINS compulsory.
- Create a policy list for all employees, and provide thorough training.
Secure Your Network
Although a wired network is the most secure, it isn’t convenient or versatile enough in today’s world. Unfortunately, Wi-Fi networks are one of the easiest to compromise. With a wired network, a hacker has to physically plug into outlets or modem ports. That is not the case with Wi-Fi. Here are tips to keep your Wi-Fi network safer:
- Disable the service set identifier (SSID).
- Enable Wi-Fi encryption.
- Filter your MAC address.
- Modify your router’s login credentials.
Don’t use WEP to encrypt your network, it is highly vulnerable. Hackers can use tools such as BackTrack and WEPCrack to gain access. Every router comes with a login and password. Hackers can find the login information for default routers, so changing your password is essential. It is also important to change your SSID password, especially if you are located in an area with a large population. As stated earlier, keep your passwords complex with a mix of numbers, symbols, upper case and lower case letters. Additionally, set the capability of your router so the range is only what you specify. Finally, keep your router refreshed by staying abreast of any manufacturer upgrades and updates.
Online access and data is essential to business operations. Unfortunately, the more that companies rely on the data, the more prone they are to data thefts and losses. Of course, as hackers become more sophisticated, there is no sure guarantee that you won’t ever experience a breach, you may already have. But, in the end, a more a proactive approach will give you some peace of mind. How will you be protecting your company this year? Will you be utilizing any additional methods?