If you keep up with the news, there’s no doubt you have heard of the enormous losses suffered by a number of retail giants. Though it was by no means the first, the data breach at Minnesota’s own Target Corporation in 2013 not only exposed the company to huge fines, but shattered consumer trust at the height of the holiday season. More giants fell victim to similar attacks over the course of the year—with no end in sight.
Perhaps worst of all is that small businesses are not beneath the attention of these global cyber criminal networks. With a more limited budget for information security, most small businesses are at risk of one kind of attack or another. Currently, the average loss for companies with fewer than 100 employees exceeds $155,000 due to fraud, identity theft, and cybercrime, according to the Association of Certified Fraud Examiners.
What Can You Do?
Maintaining a strong password policy is much like exercising daily—everyone knows they should, often they even want to, and yet does it always happen? Hardly. Just as regular exercise will keep your body healthy, enforcing a strict password policy presents a hardy bulwark against the most common basic avenues of attack likely to be used against your business.
So what can you do to accomplish this effectively? Think of requiring the recommended 12-character-long passwords for each of an employee’s online accounts as raising a hurdle for them to jump.
For the average person, it’s simply too high and they’ll just go around it, writing down their passwords and posting them on their walls for everyone to see—a real security risk in itself. On the other hand, lowering it by reducing your policy to six-character, easy-to-remember words or numeric combinations makes passwords so easily cracked that you might as well invite the hackers in.
The answer? Password management utilities like KeePass or LastPass. Such programs require the user to enter and remember only one strong password, which gives them access to their own highly encrypted password database that stores and generates passwords for their various accounts. This way, your passwords can be secure above and beyond the capabilities of even the most powerful supercomputer.
Additional security measures you can take are enforcing the expiration and renewal of passwords every 30-60 days and making sure to train employees on the proper use of the password manager.
Firewall and Antivirus
While the free versions may be sufficient for the average home user, your business should make use of an enterprise-level firewall and antivirus setup. Whatever the price of the initial installation and setup, the protection they offer against losing far more is invaluable. For this, it can be wise to seek out and build a relationship with a professional IT service.
Additionally, this kind of firewall can filter out Internet traffic that is not work-related. While blocking Facebook is inadvisable (it leaves employees disgruntled and they can typically just turn to their phones instead), other content may be entirely inappropriate for the workplace and be a source of malware and viruses.
One added bonus: you can block out advertisements! While you can do this from your Internet browser already (AdBlock for Chrome and Firefox), enforcing it company-wide protects against malware and reduces bandwidth consumption. Once you’ve seen the internet sans ads, you may never go back.
First and foremost, maintain a strict separation of your personal banking and credit accounts from your business accounts. It insulates both accounts from one another (so long as you practice good password policy—above), whether the attacker is a cybercriminal or a litigious party.
Likewise, hand out company credit cards sparingly and, whenever possible, pay your bills online. If you must send snail mail, trust only a secure mailbox for sending and receiving and make liberal use of an enterprise-grade document shredder. Of course, you should still regularly monitor your bank accounts for suspicious activity—most banks now offer easy-to-use, secure, read-only account access over the Internet.
If the above sounds like paranoia, just remember that companies remain as tight-lipped about their digital security (or failure thereof) as possible. That we are treated to news of retailer after retailer falling victim to such attacks should indicate that the cybercriminals cast a broad net. You don’t want to rely on luck to slip by.
Your employees may not fully grasp the risks present in the digital age, particularly given the constant arms race between hackers and security. Training that both fosters a desire to stay secure and teaches the knowledge necessary to do so is important for employees new and old alike.
Verify that your existing insurance covers you against the losses or liability suits caused by cybercrime and, if not, make it a priority. Remember, taking the security steps outlined above may afford you a reduced rate.
How we can help
A comprehensive asset protection plan for both your business and personal assets is a must for any business owner. If you’re a small or mid-size business owner, call us today at 612-206-3701 or reach out via our online contact form to schedule your comprehensive LIFT™ (legal, insurance, financial and tax) Foundation Audit. Normally, this session is $1,250, but if you mention this article and we still have room on our calendar this month, we will waive that fee.
Images Courtesy of chanpipat, jscreationzs, digitalart | FreeDigitalPhotos.net