As large corporations continue to harden their defenses against hackers, cyber criminals have turned their attention to businesses that are more vulnerable to attacks. In fact, in the last 12 months alone, hackers have breached half of all U.S. small businesses, according to a report by the Ponemon Institute.
Bombarding systems with ransomware is attractive for cyber thieves because the activity is easy to deploy and hard to trace to attackers. It’s also quite a lucrative venture, as ransomware is expected to cost victims a total of $5 billion this year in repair or new spending costs, according to Cybersecurity Ventures.
To face this threat, Congress has introduced the Main Street Cybersecurity Act. If passed, this legislation would require the National Institute of Standards and Technology, which publishes guidelines to protect big businesses from cyber attacks, to provide similar guidelines for smaller businesses.
But you don’t need to wait on the federal government to start taking steps to improve your cyber security. Here are five steps you can start taking now to protect your business.
1. Keep Your Software Updated
Keeping your software updated against the latest cyber security threats is key to protecting your company’s network. To achieve this, make sure devices on your network are equipped with antivirus software that automatically updates on a set schedule. Additionally, make sure to update your operating systems and apps with the latest versions in order to incorporate the latest security updates.
2. Secure Your Networks and Websites
It’s also important to secure the networks you use for internal operations and to safeguard your public-facing website. The first layer of protection is enabling firewalls for devices connecting to your network. For additional protection, use a secure connection with encryption, such as a virtual private network, or VPN. You can further harden your network by configuring your wireless access point or router so that it masks your network’s service set identifier or SSID.
To secure your public website, it’s best to set up a secure connection, meaning your URL will begin with “HTTPS;” this will inform website visitors that their browsing experience and information will remain safeguarded. But it’s not just about protecting your payment pages, as you’ll want to establish a secure connection throughout your entire site. Taking these steps will help ensure your employees and customers’ personal information and browsing history remain safe when visiting your website.
3. Implement Policies About Using Strong Passwords
Having a strong password policy provides another layer of protection for your network. With that in mind, your best bet is to require employees to use passwords containing between 12 and 14 characters, with a mixture of capital and lowercase letters, numbers, and symbols.
And these requests aren’t coming from just anywhere. According to the Federal Communications Commission, you should require your employees to change their passwords every three months. If you’re new to this, use a digital password manager program to make it easy to enforce these policies. Additionally, using two-factor authentication will strengthen your passwords with a PIN number or other verification method, making it much more difficult for hackers to bypass.
4. Train Employees to Avoid Scams
Your employees can be a weak link in your security if they don’t follow your policies, so it’s crucial to train them appropriately. While it may seem like common sense, make sure your employees know not to open any suspicious-looking email attachments or click on any links from unknown sources. You should also establish guidelines about which devices employees are allowed to use on your network and how your workforce should protect their passwords from unauthorized parties.
5. Back Up Your Data
Despite your best efforts to secure your network, you always run the risk of being hacked or dealing with a power outage. Safeguard your employees against this risk by deploying good data backup procedures. For example, one best practice recommended by security professionals is to store three copies of your data in at least two different areas, with one copy located in a different location than your local network.
To create a secure backup in another location, you can schedule automated backups with a cloud-based security provider like Mozy, which uses military-grade encryption to prevent hackers from accessing your data. Scheduling frequent, automated backups will ensure you can always retrieve a recent copy of your data, allowing you to recover quickly from a ransomware attack.
Contact ‘corePHP’ today to help with cleaning up your hacked site or have us monitor your site to keep your data protected at all times. Security should be your company #1 priority for the website and we look forward to helping you with that. Learn more.