No holiday from the hackers -- what every business owner should know
Summertime is when we look forward to our vacations -- employers and employees alike.
But in preparing for our "down time," it's important to remember that cyber criminals never take a vacation, and that we must do everything we can to protect our company's infrastructure.
The number of hacks and breaches into company infrastructures continues to increase. Some experts believe there are more than 2,200 cyber attacks in the U.S. every day, or about one every 39 seconds. FBI statistics show that cyber crime costs businesses a collective $3 billion annually.
Even more alarming, the largest single cause of data breaches in an organization is human error -- somewhere around 90% of the time, most experts say.
It isn't simply the Fortune 500 companies that are in the crosshairs of hackers, although you might draw that conclusion based on what you see and hear in the media. Smaller businesses that believe they are somehow immune to hacking and theft of information (or blackmail) do so at their own peril.
Hackers are on the lookout for information from companies of all sizes. Once that information is in the wrong hands, it can be sold on the dark web, and that's where the trouble begins.
Hackers will first attempt to breach the network's perimeter, and in an overwhelming number of cases (more than 70%) the breach is due to simple or weak passwords. With email, the recipient is enticed to click on a harmless-appearing link, or is asked to provide access to confidential information such as bank accounts, credit cards and Social Security numbers.
Phishers rely on the politeness of their victims. Social manipulation savvy is their key to criminality.
So what can the small business owner do to protect his/her company infrastructure from these outside intruders?
1. Up-to-date anti-virus software: Be sure you have the latest -- including email security gateways that prevent many phishing emails from reaching your inbox, or those of your employees.
2. Appoint a person in the organization to research all emails that seem random, suspicious or contain odd-looking links. Train your staff to forward all suspicious emails to the "breach" officer.
3. Company culture is important. Your employees must all know how seriously you treat this threat.
4. Employee training is critical. Conduct regular sessions on how to identify suspicious attempts to hack into the system. Bring in cyber security experts to train -- and test -- employees to see how well they do. Part of the training for employees should include the words, "Verify first."
5. Part of that employee training is the company policy about storing company information on employee personal devices. This should be discouraged.
6. Does your company have a cyber security policy? That is to say, a list of how to respond in the event of a breach? Every business should have one, yet fewer than 50% of businesses in the United States actually do.
7. Work with a cyber security team that can test your infrastructure for vulnerabilities -- to discover the weaknesses before an actual attack and hopefully prevent one.
8. Change all of your passwords often -- and remember, "&^%r)(&@!" is infinitely preferable to "123456." Where possible, have two-factor authentication in place for access to sensitive data.
9. Consider carrying cyber liability insurance. Data breaches and hacks can be very costly, and you do not want your business being crippled by the financial hit that a breach can cause.
In all cases, it makes sense to partner with an IT firm with knowledge and expertise on the best ways to prevent damage to your infrastructure rather than trying to fix it after the fact. Knowing you are doing everything you can to keep your networks secure and safe will go a long way toward the peace of mind that will actually let you enjoy your summer vacation.
• Chip Miceli is president and CEO of Pulse Technology, www.pulsetechnology.com, specializing in IT and Managed Print Services. Reach him at firstname.lastname@example.org.