A cyber attack, whether it's loss of customer data, corrupted hardware, or loss of access to online files and software programs, can cripple a business' operations.
Most often we hear of corporate giants becoming victims of cyber attacks. But small businesses are just as susceptible and often underprepared to handle such attacks. A study by Internet security software company AVG Technologies, found that 52% of small business owners polled don't have an IT security policy.
So what can a small business owner do to prevent a cyber attack? We asked leading online security experts from around the country and here's what they had to say:
Invest in Your Technology
When it comes to protecting your business, it's better to play offense.
Robert Gorby, global head of Small Business Marketing at AVG Technologies advised:
Create a Company Policy
Not all attacks occur from outside the building, it can just as easily be a disgruntled employee.
Tim Hogan, Elite Services consultant at Alper Services, recommended:
•Create a risk assessment team that will determine who needs access to what within the company. That will help you figure out where logins and extra security are required.
•Put controls in place for physical assets. Are laptops locked up every night or can they just be popped out of the docking stations? Do your employees know not to leave a laptop in the backseat of a car? Do you have a policy for what can go on an easily misplaced thumb drive? Are the places where your information is stored easily transportable?
•Test your security measures. Most people don't understand or test their systems. Testing these systems will show you where vulnerabilities or holes exist. Set up a regular schedule for threat assessments.
Train Your Staff
People tend to be more careful and secure on their home computers than they are at work, make that change.
Aimee Larsen Kirkpatrick, director of communications and outreach at the National Cyber Security Alliance, advised:
•Make security part of the workplace culture. Often, business owners will bring in someone to make a presentation at lunch and then everyone goes back to work forgetting everything they just heard. By making security a 365-day practice; by requiring daily file back-ups, employees understand they have a stake in keeping the company safe.
•Teach employees to identify threats like phishing, spear-phishing and social engineering. Good e-mail practices include knowing when not to click on links and taking time to verify with the sender.
•Invest in multi-factor authentication and teach employees to make strong passwords. Have a policy with social media so that data is not being compromised.