Small businesses may not be the prime target for a hack on the scale of the recent attack on Sony Pictures, but that doesn’t mean it can’t happen. A data breach can happen to a company of any size, and for the small ones it can be catastrophic.
“It’s a huge deal,” says Ted Devine, the CEO of Insureon, an insurance company focused on small businesses. “Sixty percent of small businesses that are hacked go out of business within six months.”
In November, hackers infiltrated Sony Pictures Entertainment’s computer network and started releasing details about movies as well as embarrassing emails from the bigwigs at the entertainment company. An investigation launched by the FBI revealed North Korea was behind the attack, which preceded the company’s release of “The Interview,” a satire about North Korea’s leader.
Sony is making headlines this month, but it’s not the first and won’t be the last digital attack on a company. In fact, according to the Credit Union National Association, in 2014 there have been more than 744 data security breaches, marking a nearly 25% increase from 2013.
While your business may not be the target of another country, it could be in the bullseye of a disgruntled employee or an upset customer, or be hit by just the luck of the draw, which is why security experts say you can learn a lot from Sony’s nightmare. From encrypting all digital communications to spending the money for insurance, here’s their advice.
Encrypt, encrypt, encrypt
One of the reasons the Sony hack was so devastating for the company is that a lot of its data wasn’t encrypted, which means that once the bad guy is in the system, it’s happy hunting.
“You don’t leave hundreds of emails unencrypted,” says Devine. “What Sony did not do was kind of staggering.” Security experts say to encrypt any sensitive data, particularly if you save your passwords on your computer. “If the data was encrypted the hacker couldn’t do anything with it,” notes Devine.
Install security software and keep it updated
For most of us, running a business is more than a 24/7 job, so finding the time to install security software, let alone keep it updated, can be challenging. But doing nothing can be a lot more costly, which is why security experts say you have to stay on top of your network. That means making sure you have a firewall installed, that any patches that come out are applied, and that you have protections in place against spam, spyware and any other malicious code a hacker may throw your way. Devine says it’s even worthwhile to hire an outside party to run a penetration test on your system once or twice a year to see if they can get into the system in the same way a hacker would.
Assume your employees aren’t careful online
Hack attacks have become much more sophisticated, and often the bad guys use social engineering to target employees within a company. While you can tell employees how to be careful, you can’t guarantee they will be, which is why Dave Aitel, CEO of security company Immunity, says to always assume your employees will fall for phishing and other online scams and plan accordingly. For instance, Aitel says you can consider using thin client machines that don’t have local storage, segmenting the network so an attack in one area won’t spread across the entire system, and using browsers like Chrome or Firefox that have security plugins such as adblockers.
Embrace ephemeral messaging
As the Sony executives are quickly learning, you can’t take back what you say in an email, text, post or Tweet, which is why some security experts say businesses of all sizes should embrace the idea of ephemeral messaging or mobile-to-mobile messaging that disappears automatically once the message has been viewed.
“In light of what’s happened, we’ve once again been reminded that our digital communications, whether over email, mobile or wherever, are not safe and can easily be used against us,” says Brad Brooks, founder and CEO of TigerText (www.tigertext.com), an app that lets co-workers text securely. “It’s been reported that Hollywood execs are turning to phone calls as a result of what’s happened, but why go back in time? Enterprise organizations should be using ephemeral messaging to take control over the lifespan of a conversation.” While many of the ephemeral apps, like the popular Snapchat, are geared toward consumers, small business owners can also employ them. If your communications are all via email, it’s a good idea to have a policy on the books about deleting it after a week, month or six months.
Consider taking out cyber insurance
Rewind a few years and most experts would have scoffed at the notion that small business owners needed insurance to protect against cyber-attacks, but a lot has changed. It doesn’t help that small business owners are more vulnerable to an attack because they often don’t have the IT staff to monitor and protect their systems.
“Every single small business that deals with customer data in some form should have cyber insurance,” says Devine. “Around 44% of small businesses have been hacked in the last two years. This is a major issue and an opportunity to protect yourself.”