Is Your Business Prepared for a Security Breach?
By Christine Bolaños.
As the global workforce and economy continue to transform and depend on technology, so too, do cyber hackers adapt and find new ways to invade private information of public and private sector networks. Even some of the largest, most prepared companies like Reddit, Ticketmaster, Yahoo, Equifax, Facebook and the U.S. Homeland Security, have dealt with data breaches, according to an August report by Wired. (https://www.wired.co.uk/article/hacks-data-breaches-in-2018)
The FBI is the lead federal agency for investigating cyber attacks by criminals, global adversaries and terrorists. According to the FBI’s website, cyber crimes are a serious threat that continues to grow. Some of the most common threats include computer and network intrusions, ransomware, identity theft and online predators.
This leaves small business owners who may not have the expertise or money to invest in top-notch cyber security feeling vulnerable to cyber-crime. But simple precaution and preparation, coupled with common sense, can go a long way in minimizing opportunities for hackers.
Business owners should think about cyber security like they do about personal hygiene. For example, when connecting to Wi-Fi, they should ensure it is one they are familiar with. Joel Quejada, Lead Product Manager at AT&T, says about 80 percent of cyber security breaches come from people sharing their passwords with others, which ultimately compromises their information.
He advises people to use strong passwords, even going as far as using whole sentences or song lyrics.
“There are two main attack vectors for small business owners: one is through your email and the other through the web,” Quejada says. “If you’re able to protect your email and your access to the web then you’re accomplishing a majority of the defense you can do for yourself.”
Virus protection, such as Mcafee software, is a good start. But business owners can still fall victim to cyber crime if they open a hacked email or accidentally click on a website with malware.
AT&T offers defense-in-depth services, which is when multiple layers of security controls are placed throughout an information technology system. Quejada says the first layer can protect a laptop, cell phone or tablet and a second layer protects email and the web.
This added service can significantly reduce the chance of leaving any information susceptible to hackers. Small business owners can sign up for AT&T’s Tech Support 360, a virtual IT department, and protect multiple devices for a monthly fee.
AT&T regards small businesses as firms with one to 500 employees. Quejada says that having a segmented network is especially important for larger companies because if a hacker damages one part of the company’s network, it doesn’t damage the others.
“For small businesses, their network is basically one segment. They can use a firewall for protection,” he explains.
Backing up files is also a smart move.
While he doesn’t wish to alarm business owners, he does suggest they use a virtual private network or VPN, when out in public, as opposed to free Wi-Fi.
“There’s nothing wrong with using public Wi-Fi necessarily, but just understand that you’re potentially putting yourself in a position where people can see the data you’re transferring,” he adds.
A VPN offers business owners a superior connection from their device to the internet so that the information being transferred is encrypted.
Shayna Skolnik is co-founder and CEO of Navteca, which offers its customers, such as NASA, innovative projects ranging from cloud architecture to software development to virtual reality/artificial intelligence and natural language interfaces like Alexa.
As a business owner herself, Skolnik says it’s critical to be aware of threats, and keep up with current security patches, software and operating system updates and other maintenance.
“Whenever possible, use two-factor authentication to access critical systems,” she advices. “Remember that email is not secure unless it is encrypted, so never send passwords, credit card information, social security numbers, etc., in an email or attachment.”
She says small business owners can use cloud services to leverage the infrastructure and expertise of large technology companies like Amazon, Google and Microsoft.
“Cloud services are also very convenient for business owners, but to be used safely it is recommended that multi-factor authentication and specific user roles and policies are implemented,” Skolnik adds.
She recommends business owners have clear policies for password management, encrypted data, user access and user authentication.
“Be very careful with links and downloads and train users (including management) about cyber threats,” she says.
Bottom line, she advises, is to be aware that the internet is a public place.
“Just as you wouldn’t announce to the whole neighborhood that you are going on vacation for a week and leaving your house unlocked, you must be mindful of the information that you share, especially in social media posts, as there are individuals who can compile your information in bits and pieces for the purposes of fraud, hacking and other cyber crimes,” Skolnik adds.
If a breach does occur, she says business owners shouldn’t panic, but instead stay calm and focus on improving their internet, email and social media habits.
“You can always hire a consulting firm to do a security audit and make specific recommendations for your business — just as with your physical health, digital health is greatly impacted by prevention and preparedness,” she says.
The FBI has information for how to stay cyber safe as well as how to report a case to the Internet Crime Complain Center. Find out more via www.fbi.gov/scams-and-safety/on-the-internet and www.ic3.gov, respectively.
Want to comment or have any questions on this article? Email us at firstname.lastname@example.org