5 Critical Cyber Security Questions for Modern Businesses
Recently, Equifax suffered a major data breach that exposed about 143 million consumers to credit card fraud and identity theft. While this latest cyber-attack targeted one of the largest credit bureaus in the U.S., small business owners should take notice. If you haven't been thinking much about protecting your data from cybercrime, here's what you need to ask yourself.
Do my workers have effective passwords? The majority of data breaches can be traced back to weak passwords. Unfortunately, most businesses fail to implement strict password policies until it's too late. If you haven't yet, make sure to counsel your employees on the importance of using passwords with numbers, special characters and both lower and uppercase letters. You should also make sure your system requires employees to change passwords every few months.
Are you backing up critical files? While most people associate cyber-attacks with stolen data, there is another threat that can make your data inaccessible. Known as ransomware, this malicious software utilizes a technique called cryptoviral extortion, through which it threatens to block access to data until a ransom is paid. Since well-designed cryptoviral extortion attacks rely on digital currencies such as Bitcoin and Ukash, it can be difficult - if not impossible - for authorities to identify perpetrators. For this reason and many others, it's a good idea to have copies of your sensitive business data available on a secure off-site server.
Is all of your software up to date? Many types of malware rely on weak points in software to infiltrate entire systems. Make sure your software is updated with patches that can block attacks. You should also ensure that you have antivirus and malware software installed and up to date. If you use WordPress for your website, be sure to regularly update it, since many malware attacks often focus on websites that rely on WordPress for publishing.
Do you encrypt your data? If you don't encrypt your database and customer information, you are almost begging for trouble. Without encryption, your most sensitive data is accessible to hackers. It could also find its way to your competition, who could use it to gain an upper hand. Make sure to protect your data by adding encrypting technology. You can further enhance your security by using two-factor authentication wherever possible. You should also carefully manage which employees or freelancers you allow to have access to sensitive company information.
Does your staff understand signs of phishing? A huge percentage of cyber-attacks start with phishing emails, through which an entity attempts to obtain usernames, passwords or other sensitive information by disguising itself as a trustworthy electronic communication. This may include a genuine-looking email address which uses the name of a colleague. It may also consist of a false alert from a banking or credit institution, which requests sensitive data. Whatever the case, it's important to educate yourself and your staff on how to identify phishing scams. If you don't know, consider inviting a professional to come speak to your team.
A Growing Problem
While media headlines suggest that most cybercrime affects big corporations, this isn't the case. Many cyber criminals aim their malware at smaller enterprises, because they tend to have lax security. According to industry experts, cybercrime damage is expected to hit $6 trillion annually in the next four years. To keep your company safe, make sure to address any potential weak points and start educating your staff on the proper ways to protect sensitive information.