Protecting Your Business From Cybercrime

Last year, we published a blog on basic security precautions and how to keep thieves and hackers at bay. That blog was aimed at individuals and the general public, with the primary message that prevention is worth much more than a cure. This year, the focus is on businesses and how they can protect their data from cybercrime.

It’s important to note that while prevention is crucial and needed, 100% prevention is impossible and any company that claims otherwise is not being truthful.

Cybercrime is increasing at a drastic pace each day, and many businesses are struggling to handle it. Today, business owners have more reason to fear hackers and cyber criminals than burglars who come to their store. Unlike the loss of property, the loss of your data and sensitive information can cause irreversible damage. While many insurance companies do cover cybercrime and intellectual property, it is difficult to regain trust and reputation after such an incident.

A common mistake among small to medium business owners is thinking that they are too small to be targeted, which leads to less effort being put towards protecting themselves. According to Keeper Security’s 2019 SMB Cyberthreat Study, 66% of business leaders at SMBs don’t believe that they will be affected by cybercrime. For this reason, small businesses are a prime target for attackers.

Here are some interesting statistics on cybercrime from last year:

  • Ransomware attacks on businesses occurred every 14 seconds in 2019.
  • Cybercrime will cost up to $6 trillion annually by 2021.
  • 43% of cybersecurity attacks are directed at small businesses.
  • Hacker attacks occur every 39 seconds.
  • Public administration organizations in 2019 received one malicious email for every 302 emails.
  • IoT devices can be hacked within the first 5 minutes of connecting to the internet.

While the above may seem alarming, there are many ways that you can protect yourself from attacks. Below are 7 tips that every business owner and leader should be aware of:

  1. Software updates
    Attackers often look for exploitable flaws in your systems and software. It is imperative to keep abreast of the latest patches and updates. Make sure that all the software used in your company is on the latest version.
  2. Train and educate your staff
    Human error plays a large part in cybersecurity. Over 90% of security breaches happen through an employee who unintentionally gives access and information to an attacker. You can be up to date with the latest security software and still be at risk of an attack. For this reason, it is important to train your staff about cybercrime and security, especially when it comes to phishing emails and weak passwords.
  3. Encryption is key!
    Data is typically a company’s most valuable asset, and protecting it should be as important as protecting your physical offices. It is advisable to keep your data as safe as possible within your system. This can be done by dividing it into segments, adding extra layers of security and encrypting it so that even if it is accessed, it cannot be used as effectively. A common mistake is storing the keys that you use to encrypt your data in the same place as the data itself. This should never be done, as it renders the encryption useless. Lastly, remember to constantly back up your data, as you never know when you will need to restore something.
  4. Third-party risk
    If your business has to work with a vendor or a third party, make sure to always assess the risk involved. This can be done by adding strict criteria to the vetting process and paying attention to their security defenses. Be sure to ask important questions about how they handle and protect their own data, as well as yours. Remember, you are only as strong as your weakest link.
  5. Utilizing a virtual private network (VPN)
    A VPN will help you create a secure connection to your business servers and prevent people on the internet from intercepting your data. In the modern age, every employee will have their smartphone or laptop at work, with many having direct access to the work server. Creating a safe network with a VPN will help you deter hackers and cybercriminals from seeing your unencrypted data in the first place.
  6. Manage user privileges and set up limitations
    Every business needs to know which employees have access to what, in terms of rights and privileges within the organization and network. High-level system privileges should be meticulously monitored and controlled. The best measure is to work by least privilege: the bare minimum access a person needs to function in their role. Additionally, employees should not be able to install software without authorization and approval from a system manager.
  7. Threat monitoring
    It is advisable to set up a complete 24-hour monitoring system that can help you notice suspicious activity and even attacks before they can escalate and cause further damage. Utilize popular monitoring software or consult a third-party specialist such as a Security Operations Centre. A common saying is “Prevention is ideal, but detection is a must”.
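
Tip 3 warns against keeping encryption keys in the same place as the data they protect. The following check is an added example, not part of the original post: it walks a directory tree and reports key material stored beside or under the same root as encrypted files. The file extensions, the severity labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = {".enc", ".gpg", ".age"}  # assumed naming conventions; adapt to yours
KEY_EXT = {".key", ".pem", ".jwk"}
PEM_MARKER = b"PRIVATE KEY-----"  # matches BEGIN/END lines of PEM private keys

def looks_like_key(path):
    """Key-like extension, or a PEM private-key header in the first 4 KiB."""
    if os.path.splitext(path)[1].lower() in KEY_EXT:
        return True
    try:
        with open(path, "rb") as fh:
            return PEM_MARKER in fh.read(4096)
    except OSError:
        return False  # unreadable file: skip rather than abort the audit

def audit_key_placement(root):
    """Return (severity, relative_path) for key files stored with encrypted data."""
    enc_dirs, key_files = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in ENCRYPTED_EXT:
                enc_dirs.add(dirpath)
            elif looks_like_key(full):
                key_files.append(full)
    findings = []
    for key in sorted(key_files):
        if os.path.dirname(key) in enc_dirs:
            findings.append(("same-directory", os.path.relpath(key, root)))
        elif enc_dirs:
            findings.append(("same-tree", os.path.relpath(key, root)))
    return findings

def demo():
    sample = {  # constructed sample layout, not real data or real keys
        "backups/customers.db.enc": b"\x00constructed ciphertext\x00",
        "backups/backup.key": b"constructed-key-bytes",
        "config/signing.txt": b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n",
        "docs/readme.txt": b"nothing sensitive here",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_key_placement(root)
```

Calling `audit_key_placement()` on a backup or file-share root gives a quick list of keys to move to a separate store; an empty list means no key files were found alongside encrypted data under that root.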

Ransomware
Ransomware is one of the most common and dangerous forms of cybercrime: attackers encrypt your data and files and demand payment in order to decrypt and release the data back to you. Each year, more and more businesses fall victim to ransomware attacks. Last year, a staggering R115 billion was spent by SMEs and large corporations on ransomware attacks. For more information and tips on how to avoid ransomware, read our latest blog on the matter.

To conclude, use the above tips and recommendations to keep your business and data safe from a cyber-attack. The solutions will depend on certain factors of your business, such as the field of work, number of employees, location of the business, etc. Utilize and adapt the cyber defense tactics to suit your business needs and prepare yourself for the future.
