Assembling Your Defensive Line Against Cyber Attacks
As the world scrambles to unravel the Equifax security breach and prepares for its inevitable implications, it's time for all business owners to look in the mirror. What are you doing to protect your business from similar attacks? Have you invested in cyber-security? Do you think this is something that only affects large corporations?
Hopefully, the idea that all businesses need online security is not new to you. Small businesses have become (in the eyes of many hackers) more attractive targets than larger enterprises, growing to represent nearly 50% of all security breaches. You have valuable data and are sometimes the gateway to reaching other partner companies or larger corporations that you work with. Hackers also know that smaller companies often don't have proper security in place and the theft will be much easier to get away with.
There are several high-level measures that can be taken to protect your business, but your first line of defense is your employees. More often than not, employees are the gateway through which unwanted cyber visitors enter. The sooner you establish security protocols for everyone in your company, the safer your system will be.
Policy
Everyone has to follow the rules. If you don't have rules, it's time to make some. Work with your IT partner to establish web usage rules and create effective internal communications explaining those parameters.
Internet protocol that will help protect both your business data and personnel include no personal emails at work, no opening strange links, and no downloading anything online. These may seem like basics for some, but your policy should leave no room for interpretation or exceptions.
Passwords
It's estimated that more than 50% of US companies' sensitive data can be accessed via an employee's smartphone or tablet. If a company computer isn't utilizing efficient passwords, our personal device is even more lax. Passwords matter. It's even been reported that scores of accounts on Equifax's website were protected by the same generic username and password: "admin."
Installing a password manager is an important and relatively easy step to take company-wide. Employees help share that responsibility and should be trained on using effective passwords and how often to change them.
Point Person
Cyber-security efforts are not a "set it and forget it" circumstance. Hire an internal security expert or work with your IT consultant to manage your software, hardware, employee training, and monitor employee compliance. This person can also help determine the holes in your system and the best solutions to resolve them. Establishing a security consultant will be invaluable and save you quite a bit of money and frustration down the road.
Promote
Stories like Equifax are the perfect excuse to remind employees of your policy. Create a series of internal emails that include details about the most recent scams circulating and high-profile security breaches. Keep security top-of-mind with reminders about your policies, including reminders to change passwords. Make sure part of that education includes learning which documents are confidential or sensitive and what the expected responsibility for that person is.
Along the way, it's always very important to back up all your data and files and have a contingency plan when something goes wrong. If this latest big corporate breach taught anything, it's that these circumstances are not a matter of "if," but "when."
If you're ready to prevent and minimize damage from a security breach at your SE Michigan business, call Dan Heimler, UTEC sales director at (734) 434-5900 or email him at dheimler@utecit.com.