You might think only large companies are the targets of hackers. After all, there are countless stories about how places like Home Depot, Target, Apple, and other corporations had security breaches. Unfortunately, small businesses must worry about this too. A study by Symantec in 2012 found that about half of all cyber-attacks targeted companies with less than 2,500 employees. Businesses with fewer than 250 employees made up 31 percent of these victims.
According to the National Cyber Security Alliance, one-fifth of small businesses are the victims of cyber-attacks every year, and 60 percent of those companies close their doors for good within six months. Your company has a 20 percent chance of facing a security breach, so it very important that you know how to fend off attackers if you want to save your business.
Hackers are opportunists, always looking for another chance to strike an unwitting victim. Just one breach can end up costing you thousands of dollars and potentially drive your business under. Smaller companies are among the easiest targets because they often don’t see themselves as potential victims and don’t take the necessary precautions for protection. Small businesses might not yield the greatest financial results for hackers, but they make the easiest targets.
Daniel Whitehouse is a technology attorney with Whitehouse & Cooper, PLLC, who represents companies that have been breached. He says hackers cast wide nets to see how many companies they can exploit. “Many business owners mistakenly think hackers target specific companies, but that couldn’t be further from the truth. If you have computers, tablets, POS terminals, smartphones, etc. connected to the Internet, your company is at risk of being hacked.”
Be smart and stay safe by using these handy tips to outwit hackers and keep your company protected:
NO 1: Get Anti-Virus Software
This is probably the most obvious thing to do, but it is important. You don’t want vicious malware entering your computer, stealing your data, and making your computer unusable. Kaspersky, Norton, Symantec, and many other providers offer special packages and deals for small businesses. Be sure your protection is from a trusted brand that fits your budget.
NO 2: Be Smart About Passwords
Most people use the same simple password for several different accounts so they can easily remember it when logging in. This is a bad idea. Once a hacker gets your password, they can access your most private accounts. Some hackers have access to high-quality password-cracking software that makes it easy for them to break into your accounts. Be sure you use unique passwords for your most important accounts. Avoid using names, places, dates, and other passwords that easily bypassed.
One method of creating a secure password goes like this: Pick an easy to remember sentence and base your password on this sentence. For example, “The quick brown fox jumps over the lazy dog” can become a password like this: “7qBfj0t1d.” This looks like a string of random letters and numbers to the average person, but it is actually a secure and easy- to-remember password.
NO 3: Learn to Spot Suspicious Emails
Many hackers love to trick people by sending emails that look like they come from a legitimate company. For example, someone might get an email claiming to be from Wells Fargo and reminding you to update your account. The email will provide a link that will take you to a website that looks similar to Wells Fargo in order to trick you into giving your username and password.
How can you spot a phony email? First, hover over the sender’s address. The name might look like it’s from a certain company, but the email address might come from a third-party source. You should also hover over any links to make sure they actually direct you to the website in question rather than an unrelated website. If you do click the link, look for signs to check legitimacy: spelling errors, copyright date, and URL. Many websites such as PayPal and Bank of America have a green lock symbol on the left of their URL in order to show it’s a protected site. However, a fake website won’t have that symbol.
NO 4: Don’t Fall for Social Engineering
Phishing emails, like the example above, often use social engineering to trick users into believing something. Social engineering refers to manipulating people into giving up confidential information like passwords and Social Security numbers. Hackers often pretend to be representatives of companies, brokers, clients, or anyone else.
If someone has an offer that seems too good to be true, verify it. For example, you may receive an offer to do an interview with a representative from Fox Business. He may offer to do this to give your business coverage for an in-flight business talk show for a mere $2,000. It already sounds suspicious, but it never hurts to look things up. You might find this person not affiliated with Fox at all and airlines don’t list his show on their websites. Other people who had similar experiences may post their bad experiences and prove it’s a fraud.
Another common form of social engineering is people with an urgent need for money. You might get a message from a “friend” who claims a child has been kidnapped and ransom is needed within a week to save the child. Of course, the “friend” will do nothing more than keep the money.
Money, passwords, and credit card numbers are all great targets for social engineering experts. The best thing to do is to be skeptical of anything that sounds remotely fishy, and never be gullible.
NO 5: Separate Personal and Professional Computers
To take your Internet security to the next step, use different computers for business and personal use. The computer that handles all your company’s private and sensitive information, such as banking and financial accounts, should not be the same computer you use to play video games and download music.
This way, if spyware or some other virus enters your personal computer, they won’t access any of business information. Of course, it’s ideal to be sure neither gets hacked, but this method will minimize any damage thieves and hackers could inflict on your software.
NO 6: Have Multiple Layers of Security
When one layer of security just isn’t enough, have another. Each increasing level of authentication just makes it that much harder for hackers to breach your computer’s systems. Cyber-attackers get better every day, and the only way to keep them at bay is to keep your security current.
Do you have a firewall to block attackers? Add a layer of encryption and a few password locks just to go the distance. The more you can add to your security, the greater the resistance is and the less you have to worry about your system. It might seem like a lot of work, but remember, it is much better to be safe than sorry.
NO 7: Change Your Passwords After an Employee Leaves
Unbelievably, your company’s worst enemies don’t always come from behind a computer screen in a remote part of the world. Some of your enemies may be working for you. A February 2013 study by Symantec found 50 percent of people who lost their jobs in in a given year kept private data from their former company. Fifty-six percent of those people said they didn’t think it was a crime to use a past employer’s secrets for a new company, and 62 percent of respondents transferred work documents to personal devices such as phones and laptops.
Any employee who had access to a company’s credit card, bank account, Wi-Fi passwords, or anything else still has access them if information doesn’t change. The ex-employee could use that information for personal gain, to give a competitive edge to their new company, or to sell data to hackers or other people on the internet. It’s scary that so many employees are guilty of this. Protect your company if there is a high turnover rate or some disgruntled employees who wouldn’t mind sticking it to their old boss.
According to Whitehouse, the Florida Legislature has enacted a law to protect companies from former employees who take and use information without authorization. The Computer Abuse and Data Recovery Act takes effect October 1, 2015, and allows various remedies for violations of the act, including damages, injunctive relief, and attorneys’ fees. Whitehouse cautions that businesses must still use diligence to revoke authorization from former employees.
Hackers are tricky and dangerous, but all it takes is your wits, some precaution, updated technology, and a healthy dose of skepticism to combat them. Whitehouse also recommends obtaining cyber liability insurance (also known as data breach insurance) to your arsenal of tools to combat the hackers. “These policies are relatively inexpensive when compared to the cost of a data breach,” he says. In an ideal world, no one would worry about hackers. Unfortunately, the reality is they are a real threat that every company, even small ones, must face.