Proactive steps to protect your business from a cyberattack

Countless companies unwittingly do risky things everyday that put their business in imminent danger of hack attacks.

Installing an antivirus program is not a comprehensive IT solution. Protecting your company’s invaluable data and customer information needs to be a top priority, not an afterthought.

While we can’t completely prevent these types of attacks from occurring, there are proactive steps users and businesses can take to better protect their data and computers. Smarter businesses realize that every one of their computers, laptops and servers should have the essentials suite: antivirus, backup, patching and monitoring.

There are thousands of computers across the world running automated tools to compromise the servers and accounts of individuals and businesses. But hackers can also apply a human touch through social engineering. If an employee responds to a phishing email — an urgent request that seems to come from the CEO, or a file that appears to be a sales report — the entire business can be compromised.

For example, there has been explosive growth in business email compromise attacks. This is the most common attack that generally targets specific employees of a firm, usually in the finance department. 

Employees believe that they’re dealing with an invoice from a vendor the company regularly does business with and agree to send large sums of money. This is typically via wire transfer to what appears to be a legitimate vendor account, but it’s actually controlled by the attackers.

Preparation is key to surviving. Expecting to deal with a hack after it occurs is a fool’s game and compromises the business and customer data. Ask yourself how much business will your company lose if you can’t use your computers for a few days due to a virus?

Preventing a data breach is even more crucial for small businesses. According to a 2017 study by the Better Business Bureau, a data breach could render more than half of all small businesses insolvent within a month.

A solid security plan to mitigate a data breach needs to include having trained internal and/or external resources like an IT team, consultant or vendor who will provide planning, implementation, management, testing/auditing, and compliance for the following:

Comprehensive employee tech training  — From securing company tech devices when off premises to frequently changing passwords, every single staff member needs to be educated about possible vulnerabilities in their day-to-day interactions.

Encryption protection — If your company sends sensitive information electronically, encryption is a necessity. There are many tools available, but unfortunately setting them up is still a job for an IT professional.

Once they’re setup, however, it’s as easy as typing ENCRYPT in the subject line of your message and the email system takes care of the rest. Encryption is also available for data stored on your hard drives. Mobile devices and computer operating systems now allow the entire hard drive to be encrypted in a way that is transparent to the user. Without it, your data is vulnerable.

Up-to-date software — Unpatched or outdated software can expose risk as much as not having antivirus. Keeping software up to date closes security holes being exploited by hackers.

Backup and recovery plan — Implement a solid backup plan. First determine what needs to be backed up: documents, databases, etc. Determine retention requirements, choose a schedule and methodology, as well as the technology, product and vendor. Establish a data restore protocol and schedule and review regularly.

Don’t have a false sense of security by thinking you can “set it and forget it.”

Eric Buhrendorf is the CEO and senior consultant of EVERNET Consulting LLC in Hartford.

Comments are closed.