Cybercrime is a threat to your business. Long gone are the days when rogue software was created by programmers for fun. The truth is, inadequate IT security will hit your bottom line. According to F-Secure, 87% of SMEs suffered some sort of security breach over the past year. 63% were attacked by unauthorised outsiders and 23% were hit by denial-of-service attacks. 79% of these victims were targets of opportunity.
And any one of these victims could have been you. But there are more than 180 million unique strands of malware out there. And new viruses are being developed every day. So what can you do? How can you avoid a cyber attack?
1. Choose Your AV Wisely
Anti-virus software is more complex than you might think. It has to be. Computer viruses are mutating all the time and the protection companies need to act fast to stay a step ahead of the cybercriminals. Anti-virus software works as a community.
When new strands of malware hit your systems it blocks entry, quarantines the virus and sends it back to the AV labs for testing and breaking. The software is then automatically updated to ensure that all users are protected against that strain of malware. So you need to choose your anti-virus software carefully.
Use anti-virus from a reputable brand (F-Secure, Symantec, McAfee for example) and make sure you keep it updated. A centrally managed AV solution will run these patches automatically for you. Failure to run updates will leave holes in your security that could let the hackers in.
2. Backup Your Backups
We all know the importance of backing up our data, but we don’t all do it. You’d be surprised the number of businesses we come across as an IT company that don’t take backup seriously. Or have a solid backup plan in place, but neglect to run the backups. Or keep the backup drive on top of the server.
Data backup is part and parcel of your security solution. It’s just as crucial as your AV so you need to get it right. An automated, remote offside backup is best practice. It duplicates your data in a secondary location thus avoiding a total loss in the event of a disaster that destroys your server – think fire, flood, theft, equipment failure. It also schedules automatically, removing the risk of you forgetting to run a manual backup.
3. Secure Your Cloud
With cloud computing and virtual solutions becoming increasingly popular, they of course become increasingly interesting to cyber-criminals. Any cloud provider worth its salt will provide a secure environment that keeps your data away from the prying eyes of hackers. In fact, it’s a myth that cloud environments are more open to security breaches than on premise solutions.
The datacentres that store your hosted data when you opt for a cloud solution are practically indestructible. (Assuming you choose a reputable cloud provider of course.) 24/7 security staff, motion detection, key fob access, air conditioning, smoke and fire protection, power generators, National Grid feeds…a multi-layered line of defence. So when you think about it, your data is probably safer in the cloud than it is in your office.
4. System Error Versus User Error
Computers don’t make mistakes, people do. Your staff are without a doubt the weakest point of your IT security protocol. And you need to be aware that mistakes can, and probably will, happen. Make sure they’re all up to date on your security procedures and keep reminding them that they need to take responsibility for their online actions. Employees need to watch what they click on, be wary of attachments, links and downloads, avoid online advertisements, don’t give ridiculous permissions to apps, keep away from “dodgy” websites…. It’s common sense but people will need reminding.
5. Be Password Protected
Believe it or not, the two most commonly used passwords are ‘Password’ and ’123456′. Seriously. Talk about making it easy for the hackers. Make sure that you have a solid password policy in place within your business and that all staff adhere to it. Passwords should be alphanumeric, at least 14 characters and changed regularly.
They should never be written down and you should use a different password for each system that you use to avoid a mass security breach in the event of a password being stolen. Avoid memorable dates such as birthdays and anniversaries. A quick look at your social media profile could easily give this information to a cyber-criminal and these types of passwords really aren’t difficult to crack with hacking tools.
And secure your Wi-Fi. Use WPA2 (WiFi Protected Access II) encryption rather than WEP (Wired Equivalent Privacy) – WEP is easier to crack. If you do fall victim to a cyber-attack or suspect you have a virus on your systems you should contact your IT provider immediately. If you don’t have an IT support company or you’re confident with the anti-virus software then run a clean-up to scan and remove any malware. But you’ll need your systems looking at by a professional as well, to make sure no serious damage has been done.
According to the Contingency Planning Research and Strategic Research Corporation 43% of companies experiencing disasters never re‐open, and 29% close within two years. Don’t be mistaken in thinking that your data isn’t of any interest to hackers. Trust me, it is. Your data is your lifeblood and you need to protect it. Never underestimate the value of your livelihood to the dark and sinister world of cybercrime.