A friend of mine sent me an article this morning, and I found it very interesting. The article dealt with cyber security and the threat cyber attacks pose to every business. In the article, DHR International states that only 37 percent of boards have a plan in place with regard to cyber security and 58 percent don’t practice for a potential breach. I was surprised because news organizations cover most major breaches. We hear the stories of the many millions it costs places like Target and Michaels and the Federal Office of Personnel Management.
“What do you currently have set up?”
The first thing you need to do is to assess where you are at. If you don’t have a baseline, it’s hard to know how to improve. Some of the things you should look at are:
- Do you have a UTM firewall? UTM stands for Unified Threat Management. A UTM firewall is useful because the firewall can scan the data coming into your network for malicious code. Does the firewall block all incoming and outgoing ports except the ones you use? Most firewalls block the incoming ports but allow anything to go outbound. This is dangerous because once you have malware on your computer, you want to block it from being able to send information out.
- Do you have updated anti-virus in place? Does the anti-virus include anti-spyware and anti-malware? I see many computers that don’t have A/V installed or don’t have it up to date. It is very inexpensive to have a managed anti-virus service. How much will it cost you if someone hacks you with a simple virus that would have been caught with updated anti-virus?
- Do you allow your employees to access email on their phones? Do you have policies in place to force a passcode on those devices? What information is in your email that you don’t want others to get? Most email systems can deploy simple security measures for mobile devices. I recommend either Office 365 or Google Apps for Work because both include mobile device policies.
- Do you require a password that is managed centrally on all computers and laptops? If your employees take their laptops with them, you want to make sure that they have a secure password that can’t be cracked, and possibly even consider encrypting the hard drive. Secure passwords are ones that are random and only mean something to you. You should use uppercase, lowercase, numbers, and symbols. Also, try to make all of them slightly different. Password databases like KeePass can help you keep all your passwords in one place. Just make sure the password locking that database is difficult and long.
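To make the firewall question in the checklist concrete, here is an added example (not part of the original article) that audits a firewall export for the "blocks inbound but allows anything outbound" pattern. It assumes a Linux-based firewall whose rules were dumped with `iptables-save`; the two rulesets are constructed samples and the `audit` function is a hypothetical helper.

```python
import re

# Constructed iptables-save samples (not from a real device).
# OPEN: inbound is default-deny, outbound is left wide open.
SAMPLE_OPEN = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
# LOCKED: outbound is default-deny; only DNS, HTTPS and mail submission leave.
SAMPLE_LOCKED = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
COMMIT
"""

POLICY_RE = re.compile(r":(\w+) (ACCEPT|DROP)\b")
ALLOW_RE = re.compile(r"-A (\w+) .*-p (\w+) .*--dport (\d+(?::\d+)?) .*-j ACCEPT")
CATCH_ALL_RE = re.compile(r"-A (\w+) -j ACCEPT")

def audit(ruleset):
    """Return (default policies, allowed ports per chain, findings)."""
    policies, allowed, findings = {}, {}, []
    for line in ruleset.splitlines():
        if m := POLICY_RE.match(line):
            policies[m.group(1)] = m.group(2)
        elif m := ALLOW_RE.match(line):
            allowed.setdefault(m.group(1), []).append(f"{m.group(2)}/{m.group(3)}")
        elif m := CATCH_ALL_RE.fullmatch(line.strip()):
            # An unconditional ACCEPT defeats a DROP policy on that chain.
            findings.append(f"{m.group(1)}: unconditional ACCEPT rule")
    for chain in ("INPUT", "OUTPUT"):
        if policies.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is not DROP, unlisted ports pass")
    return policies, allowed, findings

if __name__ == "__main__":
    for name, rules in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        policies, allowed, findings = audit(rules)
        print(name, policies, allowed.get("OUTPUT", []), findings or "no findings")
```

The list of allowed outbound ports it returns is the baseline to compare against the services your business actually uses.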
“Cyber thieves attacked our business! Now what?”
OK, so your business has a cyber security plan in place. You have also implemented the items above. Now what? Since no measures are foolproof, you need to plan for the attack in the event it occurs. The first thing you need to do is gather as much information on the attack as possible. You will need a security professional to determine what was taken and who was affected. You will need this information to communicate to those affected that their information was taken. The sooner you get this communication out, the better. It will help your clients protect themselves from further damage and may even prevent damage to their accounts altogether. The last step is to make sure you fix whatever allowed the hacker to get in, because they will try again.
“Wow! I have a lot to think about!”
I know this was a lot of information but the goal was to inform and allow you to start thinking about your business and ways that you can protect it from a cyber attack. If you need any help, please don’t hesitate to give me a call. I worked for a banking institution for many years and understand the ins and outs of security and what it takes to protect your business.