This week, as part of Cyber Security Awareness Month, we want to highlight steps you can take to help protect your business from the growing threat of cybercrime. It is estimated that the recent Equifax attack has compromised over 55% of Americans over 18 and damages from ransomware attacks are estimated to reach $5 billion worldwide. Hackers attack without regard for a business’s size or industry. The Department of Homeland Security National aims to combat this threat by shining a spotlight on this issue with National Cyber Security Awareness Month. USAmeriBank wants to help ensure your financial security by providing the following tips to protect your business from cyber-attacks.
- Train your staff
One of the most significant steps you can take as a business owner is to promote an environment of security and to set protocols for managing data. According to the 2017 Data Breach Investigation Report, 25% of all breaches were caused by internal actors. While this includes insiders with malicious intent, a significant number were accidental breaches caused by unintentional actions. Shockingly, 1 in 14 people today still fall for email phishing attacks, and once they open a link or attachment they are opening the window for malicious software. The best way to protect your business from these accidental lapses is to educate your employees in the common tactics used by hackers and in your company’s safety protocols. If you have the budget, consider investing in a formal training program to educate your team-members. At a minimum, pull together some required reading for your team to make sure everyone is aware of the actions they should take to protect the business from vulnerability.
- Get serious about password security
Although most people are aware that a complex password increases security, they are still surprisingly lax when it comes to putting it into practice. Hackers take advantage of this by using software and technology to ‘brute force’ their way into a system; essentially running through lists of combinations until they stumble upon the correct one. According to the Verizon 2017 Data Breach Investigations Report, 81% of all breaches exploited stolen or weak passwords. To help protect against this threat, passwords should contain a combination of upper and lowercase letters, numbers, and symbols. Never use an easy to guess password such as Admin1234 or password01. These are generally the first ones a hacker will try. Also encourage your employees and customers to vary their passwords so that if a hacker cracks one, the damage will be limited to that account. Be sure you maintain the ability to restrict access and revoke privileges at any time, should one of these accounts become compromised.
- Use ‘Principle of Least Privilege”
The Principle of Least Privilege (POLP) is an idea first implemented in the 1970s by the US Department of Defense. It aims to limit the possible damage caused by security breaches. Today, the concept has migrated to the technology sector and translates to granting the lowest possible permissions needed to adequately perform a job or task. This limits the potential vulnerabilities to your network that can come from unnecessary privileges. This principle is not only for users, it should be applied also to programs and processes on the computer. Take care to give administrator access only to those who absolutely need it, and even then, they should reserve these accounts for times of necessity.
- Backup your data
Ransomware is a growing trend in the world of cybercrime, and it works by infecting and encrypting your data, then holding it hostage until you pay a ransom to unlock it. According to the FBI, the first several months of 2016 revealed global ransom damages at an all-time high. Unfortunately, many of the victims who pay ransom money are given only partial decryption keys and extorted for even more funds, or given no resolution at all. The best way to protect your business from the fallout of a ransomware attack is to ensure all valuable data is regularly backed up. While this may not stop the initial attack, it will ensure that you do not lose access to your data. The FBI also cautions you to keep your backups separate from the machines or networks they are backing up. This could be in a cloud environment or on a physical, off-network drive; however, be aware that some advanced hackers also have the ability to freeze certain cloud data.
- Keep patches up-to-date
It can become cumbersome to install patches and updates in the middle of the workday, so many people will postpone or ignore these prompts. This is a potentially catastrophic mistake that can put their machines and your network at risk for malware. Patches, or “fixes”, are commonly released to address issues or vulnerabilities in the operating system and software programs. It is essential to make sure you and your employees remain up to date with any available patches to maintain the highest level of security. It may be impractical to police your entire team to make sure they are keeping up with all updates; investing in a centralized patch management system can save you time by searching for and consolidating patches for your various software programs. These programs can also schedule patch deployment and allow you to easily track the status of devices within your company.
It is important to closely monitor the activity on your network to identify vulnerabilities and potential breaches. Well-meaning employees may inadvertently create opportunities through errors, or through more nefarious means. Making sure you are paying close attention can help you stay ahead of the threat before it becomes a problem. Use data analytics and threat-intelligence software to help you monitor and log user activities. Many companies are now moving to cloud-based security solutions, which are valued for their ability to provide dynamic monitoring. In a cloud environment, data can be combined from all digital traffic, and multiple sources can be combined without loss of security or data integrity.
- Assign a Dedicated Security Point Person
The world of technology is a quickly evolving landscape that can be difficult for some employees to manage, particularly when dealing with their regular responsibilities. As such, without proper oversight even the best security plans may be vulnerable to misuse. It is a good idea to designate a team member who is responsible for overseeing the security protocols of your company. Depending on your resources, this may be a dedicated IT expert, or it may be a team-member with other responsibilities. This person should stay informed on any news or policy changes in cyber security, and should know the protection requirements for your business and oversee their implementation.
Cyber-attacks may be pervasive, but they are also predictable. By taking the proper steps to prepare your business, you can significantly increase your security. Be sure to act now to make sure you and your business are protected. For more information on cyber security tips visit the Department of Homeland Security’s Cyber Security Awareness website and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.