Hackers are targeting small businesses. They are far easier
to steal valuable data from than larger enterprises. Most small
businesses do not have a full-time IT department to keep their computers
up-to-date and secure against intruders. Small business owners may
feel they are too small for a hacker to even bother with, but they are dead
wrong. It is almost impossible for a small business to recover from
a data breach.
When a small business gets hit, they must inform all of
their customers, employees and vendors that they did not protect their
privacy and the information could be in the hands of a
criminal. Customers end up taking their business elsewhere, and
employees find a new employer and could sue the company for
damages. Finding new customers with a tarnished reputation is
hard. Within months, the small business can be forced to close their
doors forever.
By taking these five critical steps, small businesses can harden their
systems against attack. No computer is impenetrable. But
most hackers rely on scanning millions of machines to find the weakest to
attack. By ensuring a computer is slightly harder to hack into than
most other computers, a small business has a better chance of staying off a
cybercriminal's radar.
Upgrade and patch the Operating System
Even unskilled, kiddie hackers can search the internet and find issues
with current operating systems. Hackers have released free tools and
software that anyone can download. Anyone, even those without
technical skills, can use these applications to scan the internet for any
computer that has an operating system that is not patched and
upgraded. Detailed instructions are available on how to penetrate
an unpatched system. If a business computer does not have the
latest operating system and patches, any hacker can easily walk in and steal
the data without the business even knowing it happened.
Train users on proper email etiquette
Phishing and other types of attacks are easily launched to millions of
unsuspecting users daily by flooding email boxes with emails designed to trick
the user into clicking a link. Once the user clicks this link,
malware and other destructive software get automatically downloaded onto the
machine. This software could blatantly cause damage, or it can
secretly run in the background, sending all data and capturing
everything done on that computer for the hacker to steal for years.
Phishing attacks have become so elaborate that it is tough to decipher
if an email is legitimate or fake. Provide training to
employees to handle email links with caution and provide a way the employees
can ask questions and get help if they need it. If a link has been
clicked, provide a policy on how to limit the amount of damage that can occur
and how to get back to safety as soon as possible.
Scan for both malware and viruses regularly
There is a difference between malware and viruses. Small
business computers usually have a standard antivirus program installed to protect
against infections. These scanners do not always catch harmful
malware; they are not designed to do so. Malware can take many
forms, and unless a business owner is explicitly looking for the correct
signatures deep in the recesses of the hard drive, malware is extremely
difficult to notice and remove. Some malware will thread itself
throughout the hard drive, making removal a complicated and challenging
process. Businesses should use professional antimalware software
frequently to keep the system clean of issues. An added benefit of
this precaution will be a computer that runs faster due to not having extra
programs stealing resources.
Create a strong password policy
Everyone struggles to remember passwords. It is best
practice to use a different password for every login, which is difficult for
many users. To make signing into applications easier, people will
often use the same password for everything. When this happens, a
hacker only needs a way to steal one password for the weakest system, and they
will hold the keys to every site and application where that password is
used.
A strong password policy begins with frequently changing all
passwords. It takes time to crack a password. If the
password gets changed regularly, there is not enough time for a cybercriminal
to crack the password. Along with changing passwords frequently,
users should choose strong passwords with lower case, upper case, numbers, and
symbols. Users should never use the same password for more than one
site. Passwords can be easily managed with a password vault, a
program that allows a user to store every password. When they need to log in,
they copy it from the vault; there is no need to memorize hundreds of
passwords.
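
The policy above can be checked mechanically against a password vault export. The following is an added example, not part of the original article: the vault entries are constructed sample data, the function names are hypothetical, and the 90-day rotation limit is an assumption, since the article only says "frequently".

```python
import hashlib
import string
from collections import defaultdict
from datetime import date

# Constructed sample vault export: (site, password, date last changed).
SAMPLE_VAULT = [
    ("bank.example", "Tr1cky!Horse#Lamp", date(2024, 5, 1)),
    ("mail.example", "summer2019", date(2019, 6, 1)),
    ("shop.example", "summer2019", date(2023, 11, 20)),
    ("payroll.example", "Blue7?Kettle+Moss", date(2024, 4, 15)),
]

MAX_AGE_DAYS = 90  # assumption: the article gives no specific rotation interval


def missing_classes(password):
    """Return the character classes required by the policy that are absent."""
    checks = {
        "lower case": any(c.islower() for c in password),
        "upper case": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


def audit_vault(entries, today):
    """Map each site to a list of policy findings (empty list = compliant)."""
    sites_by_digest = defaultdict(list)
    for site, password, _ in entries:
        # Group by digest so the plaintext is not used as a dictionary key.
        digest = hashlib.sha256(password.encode()).hexdigest()
        sites_by_digest[digest].append(site)
    findings = {}
    for site, password, changed in entries:
        issues = ["missing " + name for name in missing_classes(password)]
        digest = hashlib.sha256(password.encode()).hexdigest()
        shared = [s for s in sites_by_digest[digest] if s != site]
        if shared:
            issues.append("reused on " + ", ".join(shared))
        if (today - changed).days > MAX_AGE_DAYS:
            issues.append("not changed in over %d days" % MAX_AGE_DAYS)
        findings[site] = issues
    return findings


if __name__ == "__main__":
    for site, issues in audit_vault(SAMPLE_VAULT, date(2024, 6, 1)).items():
        print(site, "OK" if not issues else "; ".join(issues))
```
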
Keep all software upgraded and patched
Java and Adobe are notorious for harmful exploits, and their vendors
work hard to push out critical patches and upgrades to close any loopholes in
the code that hackers use to gain access to a computer. It is as
vital to patch all of the software used on a computer as it is to update the
operating system. It is a little more difficult because the users
must know what software they are running on the system and also know how to get
the latest release when it comes out.
Upgrading software takes time and considerable effort. It is
so easy to click no when a program asks permission to download the latest
version. But any software running that is not patched is an open
door a hacker can walk right through. A policy should be created and
followed to upgrade all software when a release comes out, or upgrade at
regular intervals that make sense to the business, such as at night or on
weekends, to avoid disrupting normal business activities.
One warning to remember when upgrading or patching is incompatibility
issues. All software on a system must be able to interact with the
other software on a system to work correctly. It is normal to
upgrade one program only to find out that a different program no longer
functions properly. Daily maintenance of a good backup system is
critical to the prevention of such issues. If an upgrade, virus,
malware or anything else causes a significant problem, the system can be
restored to order with the last backup and users can continue working.
By following these simple security procedures, many small business
computers can be harder to attack than most systems on the
internet. These computers will not show up in scans run by
hackers. Significant vulnerabilities will get fixed, and machines will run
faster. None of these items requires expert technical
skills, and if these are a challenge to perform, business owners should hire a
security specialist to regularly harden the office computers to keep sensitive
business data safe.
If you need help securing your network call us at 877.860.5831 x190
Robert Blake