Every morning we read news about attack bombings, war between countries and nuclear bombs being prepared for the final doom.
But, on the virtual world, there is another kind of war that is brewing. Cyber criminals are the war admirals who are leading the pack with powerful computers and terrific coding skills.
Is your business’s IT defense system ready to tackle this war? Whether you are a small business or one that has a six figure employee base, you need a cyber security plan in place.
Wondering where to start? Here are some questions to ask yourself to spot security loopholes. Don’t waste much time fixing them.
- Are your employees trained in password hygiene?
- Do you encrypt information shared across the Internet?
- Do you have a data backup plan?
- Are customer details and critical databases kept offline?
- Are all files and attachments scanned for malware and viruses before downloading?
- Who has access to critical organizational data?
- Does your company allow BYOD work culture?
- Are employees trained to identify phishing emails?
- Do you have a disaster recovery plan in place?
Are your employees trained in password hygiene?
Shared passwords are the biggest loopholes that hackers are exploiting to break into websites. A study by ISDecisions has showed that more than 52% of employees see no risk or danger in sharing their login passwords.
The risk in password sharing is that, when data is lost, stolen or damaged you cannot hold accountable one person for the fault. An entire group is accountable for the mistake. This is difficult on the part of the employer since mass dismissal of employees is unthinkable. A safer way out would be to train your employees in password hygiene. Make them aware of the need to abstain from password sharing, lest suffer together.
Online stores, banks, insurance companies, healthcare institutions all use encryption to ensure that data shared across the Internet is not intercepted by Man-In-The-Middle Attacks.
Encryption transfers the data into a unreadable form that prevents users from making sense of the actual data even if they gain access to it. And, using an EV SSL certificate boosts customer confidence as it displays business name in green text in the browser and provides free trust seal. This gives an assurance that the website dealt with by the customer is indeed one that is real and authentic.
Do you have a data backup plan?
If your business is creating, collecting or maintaining any form of data, be it accounting records or customer billing invoices; it needs to backed up on a regular basis.
There are two benefits to taking regular backups. One, you always have a copy of confidential and essential data. Two, even if your data gets locked out by a ransomware attack, you still have access to your backup data.
Using a cloud or on-prem server to take data backups would be a great solution. Ensure that the backup records are again encrypted and stored in hack-proof conditions.
Are customer details and critical databases kept offline?
UBER suffered a hack that leaked critical information of 57 million users. The company covered the hack by paying the hackers a princely sum of $100,000 to delete the hacked files.
What UBER do wrong? Their records were available online that hackers could easily reach.
Imagine your company in the same place? Would you be able to pay a ransom sum to get back your data. What of the hackers do not relent for a ransom payment at all? Your business stands to lose drastically in terms of reputation. It is best thwarted by keeping critical databases offline, far from the reach of hackers.
Are all files and attachments scanned for malware and viruses before downloading?
Email attachments and files downloaded from the Internet are the primary source of malware virus and ransomware. Scanning them before downloading the files will go a long way in protecting your system integrity and the data in it.
Purchase and install an antivirus program and integrate it with your email to ensure that all emails and attachments are scanned properly before use.
Who has access to critical organizational data?
Access control ensure that only authorized personnel are granted access to critical organizational data. Data like customer records, payment information, banking credentials, etc. should be protected by multi-layer access controls.
Use of two-factor authentication and digital signatures ensure that only such information that is can be disclosed is given access to users.
Does your company allow BYOD work culture?
BYOD which stands for Bring Your Own Device is a work philosophy where organization allow their employees to use personal devices for official works. While this delivers immense benefits like cost savings on devices and also greater flexibility, there are some hidden perils.
Employees may not be keen to update their antivirus software since it costs them on their personal accounts. Also, they use it for accessing personal emails and other online accounts through which files containing malicious codes might get into the system and subsequently into the office network too.
A surefire way to deal with this would be handing over the system updates and antivirus installation and updating process to the IT department. They can do it on a periodical basis ensuring that BYOD devices are also secured at all corners.
Are employees trained to identify phishing emails?
Phishing emails con users into submitting information or even transfer funds to third party accounts. It works by sending fake emails that look identical, so perfect in looks that the user cannot distinguish it from an original email.
When the fake email appears to have originated from a colleague or a superior at work, users tend to share information. Such information helps the hacker steal funds or gain access into the network.
Do you have a disaster recovery plan in place?
A disaster plan is required to get back on your case if a worst case scenario happens. The plan lists out things that need to be done, who will do it and in what sequence. Without a disaster recover plan your business will take longer to resume operations after a hacking attack.
How have you fared so far in cyber security? Have you been facing too many negative answers in the questions above? In that case, it is high time that you start giving more importance to cyber security so that your customer and organizational data remains secure for a long time to come.