Keeping your company's data off the Dark Web
Every day, armies of anonymous cybercriminals are working to steal your personal and company assets. When successful, your sensitive data shows up on the Dark Web, the internet back alley where hackers trade, sell and exploit credit card numbers, passwords, Social Security numbers, etc. for illegal purposes. Other cybercriminals breach your system and hold your data for ransom until payment is released. Others glean passwords, then try them anywhere they think the owner has an account, often with devastating results.
Unfortunately, for small and mid-size businesses, it's not a matter of "if," but a matter of "when" your company will become cybercrime victim. Statistics from the American Federation of Scientists say less than one percent of businesses are fully protected from cybercrime and one in five small businesses will suffer a data breach this year. The good news is that the majority of breaches can be prevented with today's technology solutions.
If your business uses PII (personal identifiable information), PHI (personal health information) or PCI (payment card industry), airtight security is obvious and ongoing concern. The rest of us, though, also hold data in our active or archived files with information that would certainly be desirable on the Dark Web.
Knowing your vulnerabilities is key. Many IT companies offer a security assessment that systematically tests your organization's infrastructure for weaknesses, just like a hacker would. They can even bait your employees to see how easily they reveal sensitive information in responding to a hoax or suspicious message. Beyond that, there are three actions all businesses can perform today to increase their cybersecurity.
Perform Backups, the right way: Backups must have proper location, configuration and monitoring. Data should be configured to restore at a moment's notice. Since on-site storage is susceptible to natural disaster and off-site data storage may take longer to restore, it's safest to have both local and cloud backup. Also, both must be monitored to ensure they happen as scheduled. Hiring a qualified IT professional for this task is a worthwhile investment.
Perform Action Items, right away: Even if you feel like you just did an update, don't ignore your connected device's request for another. Just ask Equifax, who waited to install a security patch and was breached a few months later. One of the greatest data breaches in history could have been prevented with a simple, timely update. Don't delay your updates!
Perform The Right Prevention: Most companies have an anti-virus or anti-malware installed but there are more sophisticated ways to prevent cybercrime. Dark Web monitoring services alert you if personal information, including passwords, come up for sale. Email monitoring services can immediately alert the user if and when their account is compromised. Sometimes cybercriminals threaten to encrypt data but an IT professional can confirm a problem actually exists before you release a ransom. In everyday computer use, use different passwords for every account so if one is breached, others stay safe. VPNs are not a safeguard against cybercrime in public places; your Wi-Fi hot spot is safest. Text messages containing passwords, garage codes, etc. are not safe from interception! Use applications, such as Signal, that encrypt information between the sender and recipient.
If you ever find yourself victimized by a cybercriminal, call an IT expert right away. However, having the right measures in place can reduce a possible catastrophe to a mere annoyance and keep your business moving along safely and securely.
•Jeff Reiter is the founder and CEO of RWK IT Services in Frankfort, a provider of outsourced IT service and software application design and delivery.