7 Security Protections Every Business Must Have in Place NOW to Protect Against Cybercrime

7 Security Protections Every Business Must Have in Place NOW to Protect Against Cybercrime
Cybercrime is so widespread that it’s practically inevitable that your business – large OR small – will be attacked. However, a few small preventative measures CAN PREPARE YOU and minimize (or outright eliminate) any reputational damages, losses, litigation, embarrassment and costs.
1. The #1 Security Threat to ANY Business Is…You! Like it or not, almost all security breaches in business are due to an employee clicking, downloading or opening a file that’s infected, either on a website or in an e-mail; once a hacker gains entry, they use that person’s e-mail and/or access to infect all the other PCs on the network. Phishing e-mails (an e-mail cleverly designed to look like a legitimate e-mail from a website or vendor you trust) are still a very common occurrence – and spam filtering and antivirus cannot protect your network if an employee is clicking on and downloading the virus. That’s why it’s CRITICAL that you educate all your employees in how to spot an infected e-mail or online scam. Cybercriminals are EXTREMELY clever and can dupe even sophisticated computer users. All it takes is one slipup, so constantly reminding and educating your employees is critical.
On that same theme, the next precaution is implementing an Acceptable Use Policy. An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the websites employees can access with work devices and Internet connectivity. Further, you must enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what websites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others. 
Having this type of policy is particularly important if your employees are using their own personal devices and home computers to access company e-mail and data. With so many applications in the cloud, an employee can access a critical app from any device with a browser, which exposes you considerably.
If an employee is logging in to critical company cloud apps through an infected or unprotected, unmonitored device, it can be a gateway for a hacker to enter YOUR network – which is why we don’t recommend you allow employees to work remote or from home via their own personal devices.
Second, if that employee leaves, are you allowed to erase company data from their phone or personal laptop? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? 
Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured, but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
2. Require STRONG passwords. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. Requiring a 6-8 digit passcode on a cell phone will go a long way toward preventing a stolen device from being compromised. Although iPhones are encrypted by default, some Android devices are not. Find the setting and encrypt your Android mobile device. Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk. Are they? If you and your employees are not being forced to do a password reset every 60-90 days, THEY ARE FAILING YOU.
3. Keep your network and all devices patched and up-to-date. New vulnerabilities are frequently found in common software programs you are using, such as Adobe, Java, Flash, Microsoft or QuickTime; therefore, it’s critical you patch and update your systems and applications when patches become available. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about an employee missing an important update.
4. Have a Business-Class Image Backup BOTH On-Premise and In the Cloud. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, and against natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
5. Don’t allow employees to access company data with personal devices that aren’t monitored and secured by YOUR IT department. The use of personal and mobile devices in the workplace is exploding. Thanks to the convenience of cloud computing, you and your employees can gain access to pretty much any type of company data remotely; all it takes is a known username and password. Employees are now even asking if they can bring their own personal devices to work (BYOD) and use their smartphone for just about everything. 
But this trend has DRASTICALLY increased the complexity of keeping a network – and your company data – secure. In fact, your biggest danger with cloud computing is not that your cloud provider or hosting company will get breached (although that remains a possibility); the biggest threat is that one of your employees accesses a critical cloud application via a personal device that is infected, thereby giving a hacker access to your data and cloud application. 
So if you ARE going to let employees use personal devices and home PCs, you need to make sure those devices are properly secured, encrypted, monitored and maintained by a security professional. Further, do not allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users into willfully downloading malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. 
But here’s the rub: most employees won’t want you monitoring and policing their personal devices; nor will they like that you’ll wipe their device of all files if it’s lost or stolen. But that’s exactly what you’ll need to do to protect your company. Our suggestion is that you allow employees to access work-related files, cloud applications and e-mail only via company-owned and monitored devices, and never allow employees to access these items on personal devices or public WiFi.
6. A Business-Class Firewall and Proper Updates. A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network, or they are completely useless. This too should be done by your IT person or company as part of their regular, routine maintenance.
7. Protect Your Bank Account. Did you know your COMPANY’S bank account doesn’t enjoy the same protections as a personal bank account? For example, if a hacker takes money from your business account, the bank is NOT responsible for getting your money back. (Don’t believe me? Go ask your bank what their policy is on refunding you money stolen from your account!) Many people think FDIC protects you from fraud; it doesn’t. It protects you from bank insolvency, NOT fraud. 
So here are three things you can do to protect your bank account. First, set up e-mail alerts on your account so you are notified any time money is withdrawn. The FASTER you catch fraudulent activity, the better your chances are of keeping your money. In most cases, fraudulent activity caught the DAY it happens can be stopped. If you discover it even 24 hours later, you may be out of luck. That’s why it’s critical that you monitor it daily and contact the bank IMMEDIATELY if you see any suspicious activity. 
Second, if you do online banking, dedicate ONE computer to that activity and never access social media sites, free e-mail accounts (like Hotmail) and other online games, news sites, etc., with that PC. Remove all bloatware (free programs like QuickTime, Adobe, etc.) and make sure that machine is monitored and maintained behind a strong firewall with up-to-date antivirus software.
And finally, contact your bank about removing the ability for wire transfers in or out of your account and shut down any debit cards associated with that account. If you must do wire transfers setup a second account for wire transfers only and maintain a minimum balance. These things will greatly improve the security of your accounts.

Comments

Post a Comment

Popular posts from this blog

How SMBs Can Utilize the Cloud To Build Their Business

Image
How SMBs Can Utilize the Cloud To Build Their Business There has been a lot of talk lately about the cloud and its ability to put small to midsize businesses (SMBs) and startups on a level playing field with large global enterprises. Can this be substantiated or is it a load of trendy hype to push SMBs to cloud-based solutions?  We’ve compiled this breakdown of how the cloud can be used to boost profitability. The Convenience Factor It once took smaller companies and startups weeks to launch and configure their own IT infrastructure. Doing so also required a ton of overhead costs. Today’s cloud technology provides the benefits of this very same infrastructure but on an as needed and on-demand basis. SMBs can build a technology infrastructure for themselves online in less than a minute. For example, a smaller agency that provides apps for its clients, can turn to a Platform-as-a-Service (PaaS) cloud provider. A PaaS provides companies an environment that enables them to more e
Read more

The Good, The Bad, and the Ugly of Mobility and BYOD

Image
The Good, The Bad, and the Ugly of Mobility and BYOD There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has also brought its share of headaches as well. We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market. People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications. While this brings certain competitive advantages to employers, it naturally carries many risks, too. Let’s begin with the pros of BYOD... The Advantages of BYOD Greater Flexibility and Productivity - Personal devices allow workers more flexibility, which in turn can
Read more

Why More SMBs are Turning to the Cloud to Reduce TCO

Image
Why More SMBs are Turning to the Cloud to Reduce TCO More small and mid-size businesses (SMBs) seem to be taking the initiative to learn more about the benefits of the cloud.   Determining why SMBs have this sudden keen interest in the cloud isn’t all that tricky. If you shouted, "Cost Savings!" in a room full of SMBs, you'd undoubtedly be the center of attention. And it seems as if this is also the motivating factor as to why more SMBs are looking into cloud-based solutions to reduce expenditures. Although it seems like an oxymoron to recommend investing in new technology to control costs, cloud-based solutions can be leveraged for a greater return on already inevitable operational expenses. By enhancing productivity and overall efficiency, the cloud could help spur business growth and profitability. Here are few of the reasons more SMBs are opening up to cloud-based solutions... Containing Costs – This is the big one. Every SMB wants their business to grow
Read more