3 Important Ways Your Business Can Keep Cyber-Criminals at Bay
If you run a small to medium enterprise or not-for-profit organisation, you are at risk from cyber threats. We all are, but SMEs in particular are being hit and losing real money as a result of criminal activity that deliberately sets out to cause harm.
With experience pitching cyber security products to banks and government departments, I have learned some valuable lessons at a strategic level that can be applied to the smallest of businesses. The first lesson for me was that technology is only part of the solution, but needs to be behind every aspect of business and security.
First, we must get our strategy right – what is important to protect, who are we protecting it from and how are we going to go about protecting it? Not even the banks and government can buy every security technology they are offered, and they must prioritise their spending to ensure the biggest threats are addressed first.
The biggest threats are still from people inside your business space, insider threats, or the guy sitting next to you on a plane reading your emails, your proposal or your pitch deck on the way to a presentation.
The next scale of threat may well be your staff opening something in their email they should not have, in a moment of distraction or low attention. Not a malicious act but a simple mistake. As we all deal with too many emails and too many websites and tools with passwords, it is relatively easy to be distracted into giving away access to data. Sure, not every email every time with every staff member, but it’s the one that gets through that counts.
The next-level threat is the opportunistic attack, where your network is breached by a systematic, automated search for vulnerabilities and some feature of your systems is exploited.
The top-level threat is when a targeted attack is launched on your business to penetrate your systems to find specific data or to manipulate your systems, as in the case of Facebook recently where 50 million accounts were harvested.
So, how do you combat these threats?
The steps to getting your strategy right are to determine what it is you are protecting and the value of it. As an SME, you have a legal obligation to protect your clients' and staff's personal information and your business's IP and financial information. If your business uses IT systems to run the business, as most do these days, you also need to ensure continuity and disaster recovery of those systems.
A breach may not be as public an event as Facebook’s and definitely will not reduce your share value by $17 billion in a week. It may, however, cause you pain and expense in a number of ways. At worst, it may lead to the end of your business.
Determine where the need to protect is, determine where the need for continuity is and implement technology to fix that. Determine who has access either physical or over the network or internet and ensure suitable restrictions are put in place. Plan a budget to train your staff on suitable use of IT systems. Ensure you have access to the right advice and the right resources.
The success of all businesses is determined by the people involved – unfortunately, so is the failure. If you have people in or around your business it is wise to train them to be “Cyber Safe”. Recognising a threat in the form of a bad website or email message is a good step to take. Keeping your servers physically secure in a locked room and restricting access to folders on the network drives are the standard measures to ensure your own people are not stealing your data, sharing it inappropriately or letting it get infected by a virus on their PC.
Today there is so much more we need to take into consideration, with people globally attempting to access your computer. Have you ever had the thought that one in a million people on the internet is probably trying to get at you one way or another? With four billion connected users, that’s 4,000 threats – you need to set up defences against these people every day. The fact that you are in Australia means you are in one of the wealthier demographics and as such you and your business are targets.
So, when you are setting up for cyber security, think about how people might want to do wrong by you.
When your strategy is right and your people are considered, you then want to ensure you use the best products to minimise the impact to your business. You cannot afford to use every technology out there for cyber security but you can choose safer options in every little decision. You need to select and deploy the best of antivirus solutions and spam filters, firewalls and web filters. You can also make use of two-factor authentication so it is harder to access your networks remotely but not so hard your staff don’t bother.
Often it is the little differences, not the big decisions, that make the biggest difference. For example, when you select a laptop for business use, you can buy a consumer-grade product, or for a few dollars more you can buy an HP laptop with a limited viewing angle option on its screen, so when you are in public the view of your laptop screen is limited to stop people reading off the screen. It is about buying secure printing devices, like those from HP, which do not cache your files in a way that lets intruders copy them. It is about the little things that stop people accessing your wireless networks because your patching is managed and up-to-date.
There are products for everything but it is about getting the right advice that then lets you use common sense to take the protection you can for the components you must. We do not need to turn it all off and start again but we do need to take security seriously. We must allow for planning and investment of time and money to be on top of cyber security in 2018 and beyond.
Want some help? BizProtect is here to help you through this journey by providing technology, support, advice and ongoing management to ensure your safety. Get in touch today.