A cyber attack, whether it's loss of customer data, corrupted hardware, or loss of access to online files and software programs, can cripple a business' operations.
Continue Reading Below
Most often we hear of corporate giants becoming victims of cyber attacks. But small businesses are just as susceptible and often underprepared to handle such attacks. A study by Internet security software company AVG Technologies, found that 52% of small business owners polled don't have an IT security policy.
So what can a small business owner do to prevent a cyber attack? We asked leading online security experts from around the country and here's what they had to say:
Invest in Your Technology
When it comes to protecting your business, it's better to play offense.
Robert Gorby, global head of Small Business Marketing at AVG Technologies advised:
Continue Reading Below
•Spend time acknowledging what type of protection you need. Ask yourself, are you just using workstations or do you have remote employees? Are you using file servers and e-mail servers? Make sure the technology protection you are using matches the network your business is running. Often, businesses protect their laptops and PCs, but their file servers or e-mail servers don't have protection.
•Consider how Internet active the business is. Do you have online customer data? Do you enable online transactions? If so, consider higher-end protection like Internet security as opposed to simple anti-virus.
•Protect remote workers. If you have a lot of remote workers who dial in, consider having firewalls on laptops and PCs.
•If you are hiring an outside IT security company, look at business testimonials. Sometimes when business owners speak to consultants, they don't understand the technicalities being explained, so they should ask for references, credentials, awards and certifications.
Create a Company Policy
Not all attacks occur from outside the building, it can just as easily be a disgruntled employee.
Tim Hogan, Elite Services consultant at Alper Services, recommended:
•Create a risk assessment team that will determine who needs access to what within the company. That will help you figure out where logins and extra security are required.
•Put controls in place for physical assets. Are laptops locked up every night or can they just be popped out of the docking stations? Do your employees know not to leave a laptop in the backseat of a car? Do you have a policy for what can go on an easily misplaced thumb drive? Are the places where your information is stored easily transportable?
•Test your security measures. Most people don't understand or test their systems. Testing these systems will show you where vulnerabilities or holes exist. Set up a regular schedule for threat assessments.
Train Your Staff
People tend to be more careful and secure on their home computers than they are at work, make that change.
Aimee Larsen Kirkpatrick, director of communications and outreach at the National Cyber Security Alliance, advised:
•Make security part of the workplace culture. Often, business owners will bring in someone to make a presentation at lunch and then everyone goes back to work forgetting everything they just heard. By making security a 365-day practice; by requiring daily file back-ups, employees understand they have a stake in keeping the company safe.
•Teach employees to identify threats like phishing, spear-phishing and social engineering. Good e-mail practices include knowing when not to click on links and taking time to verify with the sender.
•Invest in multi-factor authentication and teach employees to make strong passwords. Have a policy with social media so that data is not being compromised.