In the early days of the internet, when online commerce was still in its nascent phase, issues pertaining to cybersecurity were rarely top of mind for organizations conducting business online. Of course, everyone knew about having anti-virus software, but that was enough.
David B. Rounds
Much has changed since then. It’s estimated that e-commerce sales last year exceeded $1 trillion, and today it’s impossible to imagine running any type of business or organization without an online presence. Still, the vast expansion of online businesses also presents a much larger—and more attractive—target for cybercriminals.
The latest example: In June, the U.S. government confirmed that multiple federal agencies had fallen victim to cyberattacks exploiting a security vulnerability in the popular file transfer tool MOVEit. It’s estimated that more than 3.5 million residents of Oregon, and potentially over 3 million residents of Louisiana, likely had their personally identifiable information (PII) exposed, including Social Security and driver’s license numbers. Another statistic notes that 60% of small businesses close within six months after a cyber-attack, so all business executives need to take action.
Although cybercriminals continue to seek new ways to attain valuable personal and business data, there are preventive actions that savvy businesses and organizations should consider to thwart online hackers.
Here are some of the most significant steps to consider to beef up cybersecurity and minimize the likelihood of future data hacks.
• Take responsibility for your organization’s data security. It’s imperative that businesses do all they can to keep spyware, malware and other viruses off of their network. Cybercriminals continue to devise new methods to access networks through seemingly innocent and common daily activities. That’s why it’s vital to have a solid, centralized and alerting endpoint protection program installed. Employees should be strongly discouraged or barred from downloading programs such as screensavers, emoticons, peer-to-peer software, music files and other “fun” or lighthearted programs. A single piece of malware installed on any of those can bring down an entire computer network.
• Beware of additional entry points. If hackers are determined to gain entrance into your network, they have more options than just hoping an employee clicks on an email attachment. Ensuring your network has up-to-date security patches and virus definitions is vital. Also important is installing of a strong firewall. It is a worthwhile investment, and businesses should not settle for the cheapest available product or one provided by its internet service provider. A strong firewall is your first line of defense against cybercriminals.
• Train your employees in cybersecurity. Not unlike preventive medicine to avoid illness, proactively training staff about cybersecurity can help avoid costly repairs or replacement of your network. Employees should be trained in best practice use of all electronic devices and how to spot potentially malicious emails and other commonly used methods of infiltrating a business’s network. Your company should have well-established internet security policies, and anyone with access to your network should understand the importance of knowing and practicing safe online business. Your company’s Acceptable Use Policies (AUP) should be provided to all onboarding new employees or anyone who can access your business’s network.
• Require strong passwords for all network users.Passwords are an important element in ensuring a secure network. The basic rule of thumb for passwords is, the longer, the better. Network users’ passwords should include at least one special character, one number, and both uppercase and lowercase letters. Create new passwords for each new application used; two-factor authentication should also be in place whenever possible.
• Use advanced email security. You get what you pay for, and free email security provided with G-Suite or Office 365 does not provide sufficient security. The extra cost of upgraded security is minimal compared with the potential cost to your business if it is hacked. Unfortunately, mailbox-take-over security incidents have become common. As a result, your network security service should include this type of protection. This is similar to the fraud protection on your credit cards, monitoring for unusual logins or activity.
• Have a strong backup system. One of the most common and aggressive forms of cyberattacks is ransomware, wherein a hacker locks up your files and holds them for ransom until you agree to pay a fee. Ensuring that your files are backed up will provide you with an alternative to paying cybercriminals to retrieve your data. In addition, backing up files protects your company from losing data due to employee error.
Backups should be automated, immutable, encrypted, segregated from your production network, and then monitored and tested at least monthly.
• Cyber liability/fraud insurance is a necessity.Even a small data breach can result in legal, forensic and public relations costs that run into tens or hundreds of thousands of dollars. Insuring against these types of costs is just sound business sense.
Given the many complex issues businesses face daily, cybersecurity is often not seen as a top priority. However, the proliferation of online hacking, phishing and spear-phishing, combined with the often exceptionally high cost resulting from data loss, means that taking preventive measures to enhance cybersecurity could well be the best—and most secure—investment an organization can make in 2023 and beyond.
David B. Rounds is the author of the book Breathe Easy: How Just ONE Cyber Attack Can Damage Your Business Beyond Repair…And What You Can Do Now to Stop It. He’s also CEO of NetEffect in Las Vegas, an IT service provider.
Click HERE to subscribe for free to Vegas Inc’s BizClick newsletter. Stay up to date with the latest business news in Las Vegas sent directly to your inbox each Monday.