It’s time to prevent your computer from being hacked.
According to a McAfee report, almost 90% of small and medium-sized businesses in the U.S. do not protect their company or customer information on the internet, and less than half of the companies protect their company email to prevent phishing scams.1 In addition, a recent survey by Kaspersky found that 75% of UK SMEs believe that their businesses are too small to attract hackers and that 59% believe that the information they have is of no interest to cyber criminals.2
The reality is that one in five small businesses falls victim to cybercrime each year, according to the National Cyber Security Alliance, and of those companies nearly 60% go out of business within six months after an attack. In addition, a 2014 study reported that 31% of businesses with fewer than 250 employees were targeted and attacked.3
Hackers target small businesses because they are vulnerable. Many of them don’t have a security expert on staff, a security strategy, or a written procedure to limit the online activity of their employees.
The following are some tips to help prevent cyber criminals from tapping into your network:
Tips To Prevent A Computer Hack:
1. Replace Windows XP now. Microsoft will stop supporting this system in April, so any viruses or problems found from that point will not be fixed.4
2. Regularly back up all data. If possible, back up your data automatically, or at least weekly, and store the copies either off site or in the cloud. If someone is hosting your site, make sure they have a disaster recovery plan. Cloud computing and services such as Dropbox and Carbonite cost around a few hundred dollars a year. If you go with a cloud provider, seek to establish assessment criteria (BITS, CSA, ISO, etc.) and ensure that these vendors meet your standards.5
3. Use a trustworthy computer for all online financial transactions. Do not use this computer for email, web-surfing, or social media, only for financial matters. Also, review your banking transactions on a daily basis to help spot fraud. Validate emails, domains, and web URLs. In the case of a funds transfer or wire request, do not click on links or attachments. In fact, do not communicate through the first email request. Instead, pick up the phone to validate the request with your supplier at a known number.
4. Limit personal e-mail access to personal smartphones and not the company Wi-Fi. Also, be sure to encrypt your data. “If your company must have a Wi-Fi network, disable the Service Set Identifier (SSID) function on the wireless router and update it to the latest encryption standard. In addition, secure your router with a strong admin password and a WPA2 password on your Wi-Fi. Use a VPN to avoid laptops and mobile devices being hacked when out of the office”.6 Although companies allow employees to connect personal devices to the internet at work, those devices are usually not checked and could infect your network with malware or could download sensitive data. So, be careful with all of these devices. In addition, take special caution with flash drives because they can also spread viruses.
5. Protect all electronic devices. Establish employee reporting procedures for lost or stolen equipment. Prepare for this by ensuring you can remotely lock, locate, and wipe your devices. Also, set up two-factor authentication, which sends a secret code to your phone to verify your identity. In addition, avoid using common webmail providers like Yahoo, Gmail, and Comcast for your business email.
6. Make your password hard to hack. Consider utilizing the “keystroke” method. For example, if you choose a word such as “baseball”, then use the computer key just above and to the left of each actual letter. So, this would transform “baseball” into “gqw3gqoo.” It is also a good idea to set computers to automatically log out after 15 minutes. Cyber criminals are now demanding a ransom from companies in exchange for a new password to retrieve their own data.
7. Install business-grade anti-virus and anti-malware software. This is very important since 90 percent of attacks take advantage of outdated software bugs on unpatched computers.18
Check out PC Magazine.com7 or Lifehacker.com8 for more information. Also, remember to choose a reputable Distributed Denial of Service (DDoS) protection service or a Content Delivery Network (CDN). Try to avoid investing in a Single Sign-On (SSO) solution.5 Likewise, don’t add more than one anti-virus program and one anti-malware program because it can cause computer conflicts.
8. Protect yourself from ecommerce hackers. If you use online credit card processors, make sure that they comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements, or you could be on the hook for customer damages if you are hacked. For more very useful information on protecting your ecommerce site, please visit the cio.com website.9
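A password-audit check for the keystroke method in tip 6, added here as an illustration and not part of the original article: it undoes the shift and looks the result up in a word list, so a shifted dictionary word is recognized as easily as the word itself. The US QWERTY layout, the function names and the four-word sample list are assumptions made for the example.

```python
# Added illustration; layout, names and word list are assumptions.
# US QWERTY rows, top to bottom. The key "just above and to the left" of a
# letter is the key at the same position in the row above it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Forward map used by the keystroke method: b -> g, a -> q, s -> w, e -> 3 ...
SHIFT = {
    key: ROWS[r - 1][i]
    for r in range(1, len(ROWS))
    for i, key in enumerate(ROWS[r])
}
# The map is one-to-one, so it can be inverted exactly.
UNSHIFT = {shifted: key for key, shifted in SHIFT.items()}

# Constructed sample; a real check would load a full common-password list.
SAMPLE_WORDS = {"baseball", "password", "dragon", "monkey"}


def keystroke_shift(word):
    """Apply the keystroke method; characters with no key above are kept."""
    return "".join(SHIFT.get(c, c) for c in word.lower())


def keystroke_unshift(password):
    """Return the word that shifts to `password`, or None if there is none."""
    try:
        return "".join(UNSHIFT[c] for c in password.lower())
    except KeyError:
        return None


def is_shifted_common_word(password, words=SAMPLE_WORDS):
    """True if the password is just a keystroke-shifted entry of `words`."""
    return keystroke_unshift(password) in words


if __name__ == "__main__":
    for candidate in ["gqw3gqoo", "0qww294e", "plum-Tractor-91-velvet"]:
        verdict = "reject" if is_shifted_common_word(candidate) else "pass"
        print(f"{candidate!r}: {verdict}")
```

The check rejects “gqw3gqoo” for the same reason it would reject “baseball”: the shift is a fixed, publicly known mapping, so it adds no unpredictability to the underlying word.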
The following is a list of some free and lower cost security products for small and mid-size businesses:
I. Free Security Products:
-Avast for Business. This anti-virus program manages and protects all the devices for your business and can be found at the avast.com website.10
-CloudMask. It secures email messages and attachments in Gmail. However, other packages and mobile apps will soon be available. The free beta can be downloaded at the cloudmask site.11
-The Secunia Personal Software Inspector (PSI). This is a free computer security solution that identifies programs in need of security updates to safeguard your PC. It is available at the Secunia web site.12
-IBM Trusteer Rapport. You can download and install this tool to help “harden” your browser and protect against malware and phishing schemes.13
II. Lower Cost Options for the UK:
-The IASME Consortium has created the IASME standard. It is designed to be more affordable and achievable for small businesses than the ISO 27001 international standard. Refer to the iasme.com web site.14
-Cyber Essentials. In June 2014, the Government launched this option to help businesses develop basic cyber security solutions at an affordable cost. Refer to the Cyber Essentials website.
III. Consider buying cyber insurance. When investigating separate cyber policies, determine the amount of coverage that you will need, find a knowledgeable broker, get multiple quotes, and look to carriers with proven track records of working with small companies. (It is important to remember that you can be held liable if you lose your third-party data even if it is stored in the cloud.)
-Companies like Ace (acegroup.com) and CNA (cnapro.com or cnaeurope.com) specialize in selling to smaller companies. For more information and for a free assessment tool go to the entrepreneur.com web site.15
-ISO announced new cyber coverage for small and midsize businesses to take place this month. Please visit the verisk.com website for more information.16
I would also encourage you to take a look at the mcguirewoods.com web site before purchasing a cyber insurance plan. There is some very good information on the site that could save you money before you purchase a cyber policy.17
Unfortunately, no system is 100% hacker proof. However, self-awareness and being IT savvy do have a major role to play in combatting cyber thieves. So, I hope that you will take action today and put these tips to good use to help prevent your computer from being hacked.
14 http://www.londonchamber.co.uk/DocImages/12773.pdf, Pg. 15