Yes it CAN Happen to You! Protect Your Business From a Cyber Attack!

We hear about it on the news occasionally.  A major company’s database has been hacked and sensitive information belonging to hundreds of thousands of customers has been compromised.  It’s a horrible thing, but we really only hear about it when it happens to a large company, leading smaller businesses to believe that they’re not big enough to make it worth the effort for a hacker to attack.  But that’s not true at all.  According to research done by Symantec and the National Cyber Security Alliance, cyber attacks cost small businesses an average of $188,242 a year.  Even more shocking is that nearly two-thirds of the businesses that had been attacked went out of business within six months!

That’s pretty scary.

Meanwhile, as you’ve lost everything you’ve ever worked for, the bad guy is driving a fancy car and eating at restaurant you couldn’t afford in your wildest dreams, bought with the customer information you stored in your database.  These guys are clever and ruthless and you’ve got to protect yourself, your livelihood, and your customers from these predators.  Here’s how.

Data Encryption

Any important data you may be storing like bank routing numbers, credit card accounts or social security numbers is very enticing to criminals.  That’s why it’s critical to make sure that data is encrypted while it is en route or in your possession. Data encryption prevents intruders from reading private information. If someone does manage to capture a message or bit of information, they only see scrambled, unreadable gibberish.  Your eCommerce website that takes payment info needs to do so in an encrypted channel using a certificate.

Once the payment info is on your servers, most current operating systems have full disk encryption tools already.  It only takes a few minutes to activate the feature and it will encrypt every file and program on your drive.  Local file encryption only works when you’re logged out of your computer (otherwise you couldn’t read the files yourself) so make sure you log out when you’re not using it.  That also means that viruses and malware, which operate with your credentials, can also read encrypted info, so encryption really only covers you from “outside” attacks or data interception.

I would even recommend that it’s best to use a third party processor to manage sensitive financial data.  PCI compliance is difficult to maintain and it requires daily server scans among other things.  It’s just not cost effective for a small business to try to manage these things alone.

Lock down your network

If you have a Wi-Fi network, you could become a victim of what’s called “wardriving.”  Criminals outfit their cars with very large antennas and drive around scanning for unlocked networks.  Once they find a vulnerable Wi-Fi hot spot, they can scour your machines for passwords and financial data.

Of course not having Wi-Fi service at all is the only foolproof way to protect yourself, but if you decide you really want to have a wireless network, make sure you immediately disable the service set identifier or SSID.  It’ll create a cloaked network that is only accessible to people who are authorized to use it—people who already know the SSID.  Also, keep your Wi-Fi updated to the latest encryption standards (to prevent interception of data) and have a very complicated password (to prevent account compromise). Choose a nonsense word with punctuation, capitals and numbers in it and change it every few months.

Have anti-malware and anti-virus protection

Spam emails and harmful websites abound.  Malware is responsible for nearly half of all data breaches.  It installs code on your machine that runs in the background, recording your keystrokes and feeding passwords and login information to hackers.  You get it by downloading something from a sketchy website or opening an email attachment from an unknown or compromised source. Make sure you keep your programs and operating system up to date at all times.  Make sure you perform updates as they’re released since they’re designed to keep up with all the new ways hackers are getting in to do their evil deeds.

Older, unpatched and unupdated equipment is a playground for bad guys, so be sure you’re up to date.

Hire Security for help

If you’re not sure you can handle things on your own, don’t hesitate to hire an outside expert to help you. There are many reputable Internet-based data-security vendors who can take the burden off of you as a business owner and make sure you’re protected.

This is by all means far from an exhaustive list of everything that you can do to stay safe, but it’s a starting point.  If you feel like this is beyond what you have the time or inclination to handle, hire someone to help you.  Don’t let the bad guys win!

Leave a comment

Avatar About the Author:

previous arrow
next arrow