Don’t want to be one of the many companies – two thirds of all those hacked – that end up out of business within six months of a cyber attack? Then take some action right now to put six simple steps in place. The National Cyber Security Alliance discovered in its 2012 National Small Business Study that a staggering 87 percent of small businesses had no formal cyber security plan and 69 percent didn’t even have something that might be called an informal security plan. If you are one of these companies, you are an attractive prospect for hackers, who much prefer targets of opportunity and don’t like to have to work too hard.
Any data that you store – credit cards, employees’ Social Security numbers and bank account details – should be encrypted. This is basic information cyber crooks want, and it’s vulnerable when it is sitting at rest. Most current operating systems on computers have standard full-disk encryption tools. Once you activate this feature, it automatically encrypts every file and program without any real lag in performance. The system only kicks in when users are logged off, which means cyber criminals can try to hack in while your systems are running. To get the best out of the automatic encryption process, set all computers to automatically log off after 10 or 15 minutes.
Lock Down Computer Hardware
Some thieves like to make off with your computers and hack into them off-site. Make their job harder. Lock down office computers, keep server room doors closed and locked. If you rely on laptops or iPads, installing covert tracking software could be a worthwhile investment.
Secure Your Wi-Fi Networks
Crooks can easily detect unlocked or poorly protected Wi-Fi networks. If you can avoid having a wireless network, do so. Use a wired one. If you do use wireless, disable the service set identifier on the wireless router to hide the network from anyone who does not have the exact network name. Keep your Wi-Fi updated to the latest encryption standards – the old versions were cracked years ago.
Invest in Current Anti-Malware and Anti-Virus Protection
Malicious software and viruses remain the single biggest threat to computer security. Arriving via spam emails or harmful websites, malware can install codes that run in the background to capture key strokes and login data. Most anti-malware is reactionary in nature – developed after a breach has occurred somewhere. It’s vital to keep your anti-virus and anti-malware protection up-to-date, to be alert to scams, phishing and email spoofing, and to install browser updates promptly.
Every business needs a formal Internet policy that explains appropriate online activities for employees and defines prohibited ones. It is important that you make it clear that company policies are based on your Network Security Plan, designed to keep the company’s data safe. You may wish to limit employee access to personal email or social media on their own smart phones, requiring that they use their own connections and not the company’s Wi-Fi. You might also prohibit staff from downloading or opening attachments that don’t relate to company business.
Hire Outside Help
For some businesses, it makes sense to retain an Internet-based data-security firm to maintain and keep IT systems safe remotely. As more day-to-day business involves cloud-based computing, this option makes sense for more companies. Some small business owners simply prefer not to deal with the possible liability of a cyber attack. If you go this route, make sure you understand what the contractor will take responsibility for in the event of data loss.