Small business owners tend to think that their business data is not attractive to hackers. If you think that they won’t come after your small or medium-sized Columbia business, think again. Your business is actually at an increased risk. Do most criminals go after the mansion with its lights on and massive visible security, or do they break into a smaller house that has fewer valuables but is dark and not adequately secured? Yep, they typically go for the easier, quicker option. Cyber criminals know that small businesses are an easy target and have even developed automated tools to look for vulnerable networks.

With the recent massive malware attacks, it is more important now than ever to protect your small business from hackers who can sell your data (customer information, patient data, etc.) on the black market or encrypt all of the data for ransom, leaving you unable to work. So, how can you best protect your business?

  1. Use a really good firewall – A firewall is the first line of defense against hackers. It provides a barrier between your internal network and external networks. Not only should you have a good firewall, you also need an IT administrator who is an expert in configuring your specific firewall. According to this article, 99% of firewall breaches will be caused by simple firewall misconfigurations. In addition, multiple HIPAA violations have occurred due to inadequately configured firewalls, resulting in patient information being found in Google searches. For this reason, 43Tc includes a top-of-the-line firewall configured by our engineers as part of our monthly management fee. It’s much easier to know one type of firewall up, down and around than multiple firewalls with different configurations.
  2. Use AV products and keep them updated – I think most businesses know they need to have anti-virus installed on all of their machines. But not everyone keeps them updated. A Columbia dental practice recently experienced malware that encrypted all of their patient files because they didn’t perform recent updates.
  3. Install Security Updates (Patches) – In May 2017, WannaCry ransomware infected more than 70,000 machines around the world in a matter of hours. Had the security patch released by Microsoft 2 months prior been installed, the infection could have been prevented. Your IT administrator should be installing your updates at least weekly or automatically.
  4. Never click on a suspicious link – How do you know if an email link or attachment is suspicious? Always assume the worst. If you aren’t expecting it, don’t open it. Read Identifying Illegitimate Email Links for more details on how to determine if an email is legit.
  5. Implement a Backup and Data Recovery Plan – If your business has been attacked by malware, you will recover your data from your last backup. You should be backing up your server to an alternate local device and also to the cloud, and you should be able to completely recover your server quickly. (Backing up files is different from backing up your entire server.) If you have never tested and run your business off of your server backup, assume it doesn’t work. 43Tc recommends testing your backup and data recovery plan on a quarterly basis.
  6. Use complex passwords – According to a Forbes article, hackers can run 420 billion simple, lowercase, eight-character password combinations in less than a minute with a cheap graphics card. A simple password is similar to a lock that is easy to pick. 43Tc recommends using a password manager to generate and store extremely long passwords. The effort involved is no different from the effort to create weak passwords.
  7. Encrypt your data – This is especially important for Columbia businesses that store customer credit card accounts, employee Social Security numbers or patient information. This is the information that hackers want.
  8. Physically secure your hardware – Make it very difficult for someone to steal your server(s) or any other hardware with data. It’s just one extra step of security and a must if you don’t have your server data encrypted.
  9. Educate your employees – Have a formal company internet policy that spells out which online activities are acceptable and which are prohibited. For example, prohibit employees from using peer-to-peer file sharing and clicking on links or attachments that don’t pertain to company business.
  10. Lock your network – Unsecured Wi-Fi is like leaving the front door open for hackers to come on in and freely access your sensitive data.
  11. Knowledgeable IT Department/Provider – Not all IT Providers or IT Managers have the knowledge to adequately secure your network. Ask them lots of questions and don’t assume they have your network protected. We’ve seen multiple Columbia businesses that had a ransomware attack that encrypted all of their files. Unfortunately, they assumed their IT provider knew how to adequately protect them when it did not. Ask your IT provider: What happens if you experience a breach? How long will it take to recover your data and resume normal business activities?
  12. Security Risk Assessment – An IT security risk assessment performed by a third-party IT consultant will identify and quantify potential security risks to your organization.  Security is complex and 43Tc recommends taking a proactive approach to mitigate your risks.

Keep in mind that there is never a 100% guarantee that your business won’t get hacked if it is accessing the internet. Even businesses with top-of-the-line security in place have experienced a security breach. Cyber criminals are very good at what they do and are getting better at finding vulnerabilities. If you follow the 43Tc recommended tips, you will sleep better at night knowing your system is secure.