Protecting Your Business from Cyber Threats

In a matter of a few years, the Internet consolidated itself as a powerful platform that has changed forever the way we do business—and the way we communicate. There’s been a dramatic escalation of business computing environments, and the sheer volume of information has exploded. Today, data is being stored across a wide variety of servers, PCs and portable devices.


As companies have embraced the Internet, it’s proven to be a profitable frontier for cyber criminals. It’s no secret that cyber-intrusions are on the rise. High-profile hacks on military computers and corporate domains like Google and Microsoft have illustrated that new cyber-security challenges are emerging as fast as experts can combat them.


While it’s tempting to see cyber security as a problem unique to government agencies, large enterprises, or e-commerce players, cyber criminals are increasingly paying closer attention than ever to so-called “soft targets” such as small- and medium-size businesses (SMBs). Why? Because bad guys have learned they have more success attacking unguarded small businesses than comparable, enterprise-size companies that employ security fortresses.


What Types of Cyber Threats Are There?
There’s a range of information security threats. Some of the most common are website tampering, denial-of-service attacks, and malicious code and viruses.


Website tamperingtakes many forms. Simply defacing your website is one option, but criminals can also sabotage web pages with code that downloads spyware to your computer. The spyware is usually capable of performing a range of nefarious tasks.


A denial-of-service attackis an attack on a computer or website which locks the computer or degrades the system to the point where it is rendered un-usable.


Data theftcomes in several forms, including theft of laptops and computer files, inappropriate access to computer accounts, interception of emails or Internet transactions, phishing emails that trick you into giving away personal information and Trojan software, such as the recent ransomware attack, called CryptoLocker, which encrypts your data (scrambles the data using a unique algorithm) then presents a payment program for you to send a ransom to in order to decrypt the files. Another infamous attack, called Heart Bleed, allows hackers to steal credit card numbers, passwords, and other personal information from ‘infected’ websites. Although major social sites like Facebook and Tumblr have applied the necessary patches, many others might still be vulnerable.


Threats can be internal and external. External threats are most often perpetrated by experimenters and amateur hackers, hack-tivists who have personal or political agendas and cybercriminals who are just trying to steal your money. Yet, despite the broad range of external threats, internal threats—whether intentional or unintentional—account for 80% of small business security problems.


Employee Training Is Critical to Cyber Security


Cyber security is the comprehensive effort to protect computers, programs, networks and data from attack, damage or unauthorized access through technologies, processes and best practices. It’s important to remember that while there are costs involved in protecting information—there are also costs involved in NOT protecting information. Business interruption and downtime can be expensive.


The first step to protecting your business information is to establish security policies as well as an Acceptable Use Policy that outlines proper use of company-owned IT assets. It’s very important that security policies are comprehensive and up-to-date and that employees know and adhere to them.


Employee training is also critically important and should begin on their first day at work. Training should address safe Internet, email and desktop practices, and everyone should understand basic security do’s and don’ts.


The Viruses and Malware Menace
To protect against viruses and other malware, all devices including servers, PCs, laptops, tablets and smartphones should have up-to-date antivirus software. Security patches should be updated on a regular basis to keep pace with emerging schemes.


Businesses should also lock down their Internet connections with the latest software firewalls, and secure all wireless access points to prevent unauthorized access. Finally, companies should remember the importance of proper and safe disposal of old computers and media.


A Word About Data Backup and Disaster Recovery
Data backup procedures are essential for information security.  If the unthinkable were to happen, you’ll be glad you took time beforehand to test your backups and make sure they actually work. On more than one occasion, businesses have been in situations where they need to go to their backups only to find the backup is unusable. Finally, you should copy information offsite for safe keeping.


Consider ‘Hiring’ a Managed Service Provider


When it comes to cyber security, there’s a lot to consider. Whether because of budgetary constraints, lack of internal resources and expertise or the escalating number and sophistication of threats, SMBs should think about outsourcing the day-to-day management of their IT infrastructure to a Managed Service Provider (MSP) who has more sophisticated tools.


Recently, Gartner Research reported that 80% of IT spending is invested in simple systems maintenance. Consider the benefit of aiming your internal IT resources at projects that contribute to increased revenue and leaving the important, but repetitive daily housekeeping tasks to your MSP partner.

Leave a comment

Avatar About the Author:

previous arrow
next arrow