The recent high-profile hacking attacks by LulzSec and Anonymous have made a lot of people nervous about the state of Internet security. Thankfully our nuclear launch codes are safe as long as we have George Clooney on our side. Unfortunately, hackers are after more than just launch codes (or even George Clooney).
Attacks on government agencies and big corporations get splashed all over the news, but these guys can afford sophisticated equipment and cyber security analysts to slow or stop the assault.
Small businesses and entrepreneurs, on the other hand, are just as wired into cyberspace but without the same level of defense to safeguard their data.
It seems that hackers have found their next big target in your small business.
According to a recent online article in the Wall Street Journal, the U.S. Secret Service and Verizon’s forensic analysis unit responded to a combined 761 data breaches in 2010. That’s up from 141 in 2009. In 2010, 63% of the attacks were against companies with 100 employees or fewer.
According to Dean Kinsman, a special agent with the FBI’s cyber division, cyber-attacks against small businesses are “a prolific problem. It’s going to get much worse before it gets better.”
Visa also estimates that about 95% of the credit card breaches it uncovers are on its smallest business customers.
The government knows this is a big problem too. The House Committee on Oversight and Government Reform has just begun a series of hearings on American cyber security and preparedness, with one of the major focuses being on economic security.
In May, the FCC held a roundtable discussion specifically on how small businesses can protect themselves from cyber attacks.
As reported online by the National Journal, FCC officials estimated that U.S. companies lose about $8 billion a year to cyber attacks. The average attack can end up costing a small business nearly $190,000.
However, there are several easy, common-sense steps you can take to limit your vulnerability.
1. Antivirus, antivirus, antivirus!
Install and regularly update your antivirus software on every computer that you use in your business. Don’t forget to perform weekly scans of every system to make sure that there’s nothing lurking.
2. Make sure all employees understand the risks
Establish a general list of rules and regulations for handling important data, including how to safely transmit it. If you keep sensitive equipment onsite, make sure you have established rules for how to manage it as well. All these rules mean nothing if no one knows them, so keep all your employees up to speed with these guidelines.
3. Put up the wall
Make sure you set up a firewall to protect your internal network from outside intruders prowling the Internet for easy targets.
4. Backup, backup, backup!
Regularly schedule and perform backups on every computer, especially the ones with sensitive data.
5. Your neighbor isn’t the only one who wants to steal your WiFi
Protect your WiFi network by making it password protected and hidden. Don’t forget to change the out-of-the-box administrative password on your wireless router when it’s first installed.
6. Change is a good thing
Change your passwords at least every three months. The older a password gets, the more likely people will find out what it is and be able to crack it.
7. Attachments of doom
Never open an attachment if you don’t know who it’s from or what it is. Even if it’s from someone you trust, don’t open the file if it seems a bit random. Contact the person who sent you the email to see if it was automatically generated by a virus, or if they just genuinely wanted to share a funny PowerPoint.
8. Get rid of the junk
Remove any programs that you don’t use or that aren’t trusted by a certified cyber authority. That random PDF Converter you downloaded for that one thing six months ago might actually be a gateway that hackers have been using to access your system.
9. Low tech still works wonders
You don’t let just anyone read your email, so you shouldn’t let just anyone walk into the room where you keep your servers. Regulate and monitor who has physical access to important equipment and business computers. Laptops usually can’t run very fast, but the thief carrying them probably can.
At Grasshopper, all our employees have keycards so that we can track who enters our network operations center and when. On top of that, only certain employees’ keycards will work to gain access to the room.
If you just can’t get enough cybersecurity, the FCC also has many links to private and governmental resources that can help small business owners and entrepreneurs.
In his appearance at an October 2010 Security Innovation Network showcase, Michael Chertoff, the former Homeland Security Secretary, worried that it might take a “digital 9-11” to get businesses, consumers, and governments to start thinking seriously about the international cyber threat.
When was the last time you checked the security of your systems? Is your business protected?