When I talk to business owners about online risks, I often hear these common responses:
"Our customer data is not valuable enough to attract cyber criminals."
"We are too small to be targeted by cyberattacks."
"We have antivirus software installed, so we are protected."
"This security thing is too expensive for us."
Unfortunately, all customer data is valuable, and cybercriminals are always looking for new targets. They may try to disable your business information systems, steal your data, or use a breached computer as a launch point for other attacks for commercial gain. Most attacks are carried out by bots (programs), not by humans, and they are usually about the opportunity. If your business is an easy target, they will give it a try.
To mitigate these risks, you can take the following measures:
Invest in good quality endpoint anti-virus protection that does more than just look for malicious code when you start an app. It should protect your browser, browser data, emails, and much more. Remember, you get what you pay for, and the antivirus built into Windows (Defender) is not enough.
Many attacks rely on vulnerabilities. The most effective way to protect yourself is to apply patches that fix these vulnerabilities. This includes everything that touches your network, such as your apps, mobile devices, network devices, modem, printer, and website. There is no one-size-fits-all solution here, as it depends on your technology environment.
Data loss is inevitable, whether it's due to an innocent mistake like accidentally deleting the wrong version of a file, a system crash, or malicious attacks like ransomware. Backing up your data will help you get back up and running as quickly as possible, mitigating the risk of downtime and financial loss.
Weak passwords are still a common problem, with 'password' being one of the most common passwords. Reusing the same password across multiple sites is another major issue. Use a password manager to save yourself the trouble of remembering and reusing passwords.
Phishing scams and malicious attachments are still prevalent, and people still fall for them. A secure email gateway can catch all of these and more.
Encrypting your data will protect it even if your computer falls into unwanted hands. Without the encryption key, the other computer will only see gibberish.
You, the user
Your common sense is still one of the most effective tools. If an online approach sounds too good to be true, it probably is. The tools and processes mentioned in this article should work in the background when you're not actively monitoring them.
Responding in a timely manner when a cyber event occurs is critical for successfully mitigating loss. Ideally, you will have an expert already engaged who understands your business, its data, and your IT infrastructure. You don't want to be doing a Google Search on how to handle cyber events when they happen.
Just like insurance, it is cheaper to prevent and protect than to deal with the damage.
In this article, we've discussed some best practice considerations that answer the "what" question. The "which" and "how" questions depend on your business IT infrastructure, so it's recommended to consult with your trusted IT technology expert as soon as possible to answer the "when" question.
Zoltan is an Auckland-based technology consultant that specialises as a Solution Architect and Cloud Wizard