CyberCrime: Protect Yourself and Your Business
There are two points a manager or owner of a small- or medium-sized business (SMB) should understand:
- SMBs are as vulnerable to cyber attacks as large enterprises, if not more.
- Cybersecurity for SMBs is not rocket science.
Let’s break these down. The explanation of the first item is rather simple: lack of time and money. More specifically:
- No dedicated IT security specialist on the payroll
- Lack of risk awareness
- Lack of employee training
- Failure to keep security defenses updated
- Outsourcing security to unqualified contractors or system administrators
- Failure to secure endpoints (computers)
Further reading:
https://www.watchguard.com/docs/wg_kaspersky_smb.pdf
The second item is a bit more involved. Notice that the wording, “…not rocket science,” does not imply that it requires no effort or dedication! Let’s begin.
Protect Your Credit Cards and Bank Accounts
Always use the security axiom of least privilege, which means sharing banking information with only those who absolutely need it.
Separate business banking from personal, whether it be bank accounts or credit cards.
Use online bill pay, as your bank’s security measures are likely to be more hardened than placing personal checks in the mail.
If forced to use paper, use a secure mailbox at the post office for receiving and sending bills. The fewer hands that touch your mail, the better.
Use a Dedicated Computer for Banking
It is a wise practice to use one computer for your online banking as opposed to several. That computer should not be used for casual web browsing, and should be protected by a reputable anti-malware product. Avoid sharing the banking computer with non-accounting staff and personal contacts.
Implement a Password Policy
Be sure to change your passwords periodically on critical online accounts.
Set complexity rules for all passwords that require a minimum of 8 characters, one numeral, one lower case alphabetical character and one upper case alphabetical character.
Use a different password for each online account.
Do not use dictionary words or common names.
Do not use letters or numbers in sequence.
Store passwords in a digital vault.
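The complexity and content rules listed above can be checked automatically when a password is set. The following Python sketch is an added example, not part of the original article; the sample word list, the function names and the three-character threshold for a "sequence" are assumptions chosen for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a larger
# dictionary and common-names file (assumption, not from the article).
SAMPLE_WORDS = {"password", "welcome", "dragon", "michael", "jennifer", "summer"}
MIN_LENGTH = 8
SEQ_RUN = 3  # assumed threshold: flag runs such as "abc", "cba", "123", "321"


def has_sequence(password, run=SEQ_RUN):
    """True if `run` consecutive letters or digits ascend or descend by one."""
    chars = password.lower()
    for i in range(len(chars) - run + 1):
        window = chars[i:i + run]
        if not (window.isdigit() or window.isalpha()):
            continue  # only compare runs made purely of digits or of letters
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def contains_word(password, words=SAMPLE_WORDS):
    """True if a listed word appears once case, digits and symbols are ignored."""
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    return any(w in letters_only for w in words)


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of policy rules the password breaks (empty if none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[0-9]", password):
        problems.append("no numeral")
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if contains_word(password, words):
        problems.append("contains a dictionary word or common name")
    if has_sequence(password):
        problems.append("contains letters or numbers in sequence")
    return problems


if __name__ == "__main__":
    for candidate in ["Summer2024", "Abc12345", "tR7vq9Lm2x"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that a password such as "Abc12345" satisfies every complexity rule yet still fails the sequence rule, which is why the content rules are checked separately from length and character classes.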
Employee Background Checks
The reason for background checks is self-explanatory. The key here is to comply with all state and federal regulations and exercise process fairness toward employees and candidates. Service bureaus in this category are bountiful.
Further reading:
http://www.nolo.com/legal-encyclopedia/colorado-laws-employer-use-arrest-conviction-records.html
Secure Your IT Infrastructure
Three words: backups, firewall, anti-malware.
These three elements, when properly implemented and integrated, are your most effective defense against cybercrime.
Small-business firewall systems from SonicWall can block viruses, intrusions, and spyware before they touch your PC or Mac.
Top anti-malware software providers include Bitdefender for the PC and Android phones, and Avira antivirus for the Mac.
Additionally, consider computer encryption, a software-based solution which allows only the person with the computer’s password to read its data. Any attempt to circumvent the password will result in a permanent lockout.
Insure Your Business
Regardless of your defenses against cybercrime, you should still seek insurance coverage against losses. Ask your provider specifically for cyber insurance. Otherwise, contact Travelers, AIG, or Insureon.
Educate Your Staff
Lastly, bring your staff up to speed on all of the above and create awareness. Unlike some other company functions, security is everyone’s job. One stolen or compromised laptop is all it takes to significantly damage an organization.
In the Media
If you are a cybersecurity enthusiast, you’ll find the following entertaining:
https://www.symantec.com/security-center/writeup/2010-071400-3123-99