9 ways to protect your business from cyber attacks
By Flint Stephens
May 26, 2015 at 1 a.m.
In today’s world, every person or business with a computer, tablet or smartphone needs to be concerned about cybersecurity. Somewhere there is a hacker with nefarious intent who wants your client list, your business account numbers or even personal information about your employees.
Thankfully, many of the best steps you can take to protect vital data are easy to implement. Here are some recommendations from the Federal Communications Commission about how small businesses can protect themselves from cyber attacks:
- Provide security training
Set guidelines on Internet use, including penalties for violating company cybersecurity policies. Establish rules about how to handle and protect critical data.
- Protect computers and networks
One of the best defenses against viruses and malware is to maintain updates of security software, web browsers, and operating systems. Set antivirus software to automatically scan after an update.
- Protect Internet connections with a firewall
Enable the operating system’s firewall or install firewall software available online (you can get it for free). If employees work from home, make certain their home system also has a firewall.
- Have a plan for mobile devices
The FCC notes that mobile devices pose significant security challenges if they can access the corporate network or hold company data. “Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks.”
- Make and keep backups
This should occur at least weekly and copies should be kept off site or on the cloud.
- Control computer access
Don’t let unauthorized individuals access computers. Lock up laptops when unattended. Have separate accounts for every employee and only grant administrative authority to trusted IT staff and key employees. Don’t let employees install software without permission.
- Secure your Wi-Fi
If you have a workplace Wi-Fi network, keep it encrypted and hidden by setting up your wireless access point or router so it does not broadcast the network name. Protect router access with a password.
- Protect financial data
Check with banks and credit card processors to verify that anti-fraud services are in place. Isolate payment systems from less secure programs. Use a separate computer to process payments and don’t use it for Internet surfing.
- Maintain strong passwords
Require employees to change passwords regularly and teach them to create strong passwords. You can also implement multi-factor authentication that requires additional information beyond a password—especially for accessing sensitive data.
In an article for Computerworld, Nicholas Evans suggests that you also assess your existing digital exposure. “How many web sites are storing your credit card info? How many have an up-to-date card number and expiration date? Where do you have important documents, files, and videos across the web? … If there are particular sites that you no longer use, you may also want to delete your account profiles there.”
The U.S. Department of Homeland Security provides additional recommendations to protect against cyber attacks:
- Don’t provide personal information through email unless you contact the company directly and verify the legitimacy of any request.
- Pay attention to website URLs. Malicious websites often use a variation in spelling or domain suffix (for example, .com instead of .net) to deceive computer users.
- Don’t open any email if you question its authenticity and turn off the option that automatically downloads attachments. In fact, if you don’t know the sender personally, you should save any attachment to a disk and run an anti-virus scan before you open it.
The U.S. Computer Emergency Readiness Team advises anyone using a computer to remember the Internet is a public resource. “Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.”
For those who want to know more, the Longview Chamber of Commerce is sponsoring a summit on cybersecurity June 18 from 11:30 a.m.-1:30 p.m. at the Pinecrest Country Club, 214 Club Drive, in Longview. Government and business experts will be on hand to explain how businesses can strengthen their security systems.