One of the biggest threats to your business today is found online. To date, approximately 70% of Canadian businesses have been hit by a cyber attack. The motivations behind these attacks vary. Some hackers think that they are serving some socio or political purpose, hiding behind the guise of hacktivism. Others insert ransomware in order to hold your business website and/or sensitive data hostage until you pay-up (the health-care industry is especially susceptible). Some are disgruntled ex-employees with hacker connections. Others are simply being mischievous. Simply put, it doesn’t matter what line of business you’re in, cyber security is a very real concern. However, you are not powerless. Abide by the following guidelines and you will hedge your risk against the threat of corporate cyber attacks.
6 Tips to Minimize the Risk of Your Business Being Hacked
1. Comprehensive Staff Training
Everyone in your hierarchy has an impact on the IT infrastructure of your business. The entire organization will need IT training, with cybersecurity integrated into the program. Thus, the entire team, whether in-office, on the floor, or working remotely from home or abroad must be included. It’s not overkill. Anyone who uses company email exposes your organization to cyber attacks. All it takes is one malicious attachment or link to take down your business. Staff needs to be trained on how to identify emails that include malware and/or phishing schemes. They also need to understand protocol when it comes to laptops and mobile devices used in the course of business outside of the office. If it’s online it’s all connected. If you manage a large enough company to have an IT department then they can conduct the tutorials. If not, bring in a consultant. It’s worth the investment.
2. Real-Time Software Updates
Your company likely depends on some form of Software as a Service (SaaS). That could be Google for Business or Microsoft 365 and/or any other form of software that helps you deliver or communicate your product/service to consumers. Software, is the gateway for hackers. You must ensure that all software is up to date not only for functionality, but in security. All plug-ins must be updated at all times, as soon as an update is available. Far to often a business website uses a CMS like WordPress, and ignores prompts to update their template or plug-ins. Many of these plug-ins contain security updates. When neglected, you’re exposed, and hackers laying-in-wait take advantage of this. For all plug-ins that you manage internally (WordPress, etc.) make sure that everything is updated. For other SaaS, stay in constant communication with your provider’s support team to ensure that they are applying the necessary updates.
3. Back-Up Everything
Back up all files to an offsite data centre. Consider the cloud too, which allows the added benefit of immediate retrieval. Your goal here is to minimize risk from hacks that either wipe your data, or hold it hostage (ransomware). If the data is not sensitive (customer/client records) then hackers have nothing to hold ransom when you can retrieve it from an off-site download. While backups will not prevent cyber criminals from threatening you with the release of sensitive data, it does minimize your risk of not having any data at all.
4. Encrypt Your Communications
If you’re using an open source email service (you likely are) and have not had it configured for email encryption then you’re exposed. But requiring authentication is not only essential for email. Other corporate communications must be guarded. Encryption can be integrated into voice calls and instant messaging. Sound too high-tech for your small-to-medium business? Chances are, your staff if already familiar with it. Apple’s FaceTime, iMessage and popular apps such as WhatsApp use encryption technology. Your staff will adopt it faster than you think. If your day to day online communications include the passing of any sensitive data, then you most certainly should consider encryption.
5. Hide the Remote Control
We’ve all been there. You have some issue with your computer and have to pass remote control to your IT person so that they can manipulate your desktop or laptop from their location. This is an efficient way to fix a problem. But hackers have exposed this practice too. The rise of surprise ransomware is happening today. This form of attack taps into the remote functionality of corporate computers to spread a virus. Malware developers use Windows native remote access features, combined with third-party software to insert hazardous code into desktops and laptops. To prevent this, have your IT leader disable all remote support applications on corporate computers, and only turn them on briefly when absolutely necessary (to fix a real-time issue).
6. Hire a Hacker
Test your current system. One of the best ways to do so, it to undergo a hack attack. One controlled by you, that is. The marketplace is ripe with “white hat hackers” (aka ethical hackers). They have all of the infamous skills of black hat hackers, but without the cruel intentions. Instead, they use their “talents” for good. They specialize in database penetration testing. They will attempt to hack your company’s IT infrastructure and systems. They will approach your website, your software, and your IT hardware from a hacker’s perspective, doing all they can to get in. In doing so, they will expose vulnerabilities (there are always some) and will provide clear and actionable methods of covering up those holes to keep the threat of a cyber attack at bay. Do not use your own IT person or team to conduct this test (but keep them in the loop) because this test is designed to reveal and correct unanticipated weaknesses in your current system.
Make sure that your plan to combat cyber crime includes comprehensive cyber insurance. Contact Park Insurance today.
