Business Leaders’ Guide to Avoiding Hacks

It seems these days that hacker is a job title with a bright future. Take a few extra clicks through the web and you’re bound to read either a story about hacking or the actual information that has been hacked – emails, business financials, personal info, or even your grandma’s secret fruitcake recipe.

In 2017, businesses must go on the defensive to protect their intellectual property, customer data and revenue in an online world which has more and more troublemakers squeezing through the cracks.

And let’s be clear: it’s not just governments and corporate giants that are the targets. Businesses on Main Street are too. Small and medium-sized businesses, often without a lot of IT or security resources, are becoming juicy targets for the hacking bad guys. According to new data from Symantec’s 2016 Internet Security Threat Report: “Last year, phishing campaigns targeted small businesses (PDF) 43 percent of the time. That’s up 9 percent over 2014 and a stark contrast to the mere 18 percent of attacks that focused on small businesses in 2011 … Symantec’s report reveals a 55 percent increase from 2014 to 2015 in the amount of spear-phishing campaigns that target employees of a business of any size.” (Source) In 2014, Russian hackers (those guys are popular) grabbed customer information from more than 400,000 business websites, getting away with more than 2 billion passwords. And they haven’t slowed down. (Source)

Here are some steps that any business can take to make itself a little less vulnerable to anyone prowling around the web. Remember, the best offense is a good defense.

  1. Define the boundaries for your employees: A few bad clicks on phishing emails or strange web downloads are dangerous moves that could turn your company’s online security into Swiss cheese. Educating your employees and creating acceptable use policies for what they should and shouldn’t do on the internet can make a big difference in whether a company network becomes a secret home to malware. Keeping them up to date on the latest threats will keep everyone alert.
  2. Control the admin keys: Even a small organization can create a hierarchy for who has administrative access to the company’s server, email dashboard and enterprise software. Allowing all employees admin access can create a stew of changes, which can often be traced back to an employee making something work for them on their device. “Security policies and mechanisms must be put in place for company data access from personal devices,” P.J. Gupta, a mobile security expert and the founder and CEO of iPlum, told BusinessNewsDaily.com. “Tight control on who has the privileges to run which enterprise apps from which devices helps minimize the risk of data loss or corruption.” (source)
  3. Treat email differently: Many of the most notorious hacks of the past few years came from people sharing a lot of information in the body of unsecured, unencrypted emails. If a business is worried about what is being sent over the email transom internally, then training can come first, but an encrypted email service might be next. Services are available that will warn an employee if they are sharing sensitive information such as a credit card number or an attachment of client contact information.
  4. Double-check who’s logging in: If you are worried someone is going to break down your door, sometimes the best solution is to just have two locks instead of one. Adding an extra step can frustrate and dissuade a bad guy just enough to make them give up and find an easier victim. On the digital side of a business, that more and more often means adding two-factor authentication. You are seeing this on everything from your bank to your favorite social media platform. Two-factor authentication means that a password alone isn’t enough to get you to your data. These extra steps can include a secret piece of knowledge (e.g., “Mother’s maiden name”) or a fingerprint, voice password or PIN.
  5. Verify unusual requests with a real person: Bad guys have begun impersonating employees’ email addresses to request that co-workers transfer funds to external accounts. This can result in losses of tens of thousands of dollars. If a request for external payment seems unusual, verify it with your co-worker by phone or face-to-face.

Those are just a few simple steps a business can take to keep its cybersecurity guard up going into 2017. For more information or assistance, contact Amshot at 405-896-8152 or consult@amshot.com.
