Protect Your Company Against Cyber Threats

Cybercriminals net billions of dollars in revenue annually from their illicit activities. Every few months we hear about a new massive hack at one of the big corporations. For the small to medium business owner, these reports might give a false sense of security.

They often make the mistake of believing that they’re not a juicy target for a hacker and have no need for cybersecurity. In a way, they’re right – they don’t have the same data as a Fortune 500 company. But that’s no reason to get complacent – they’re still a good target for a hacker.

At the very least, a hacker can make some money using a ransomware attack. They might even pose as a senior company official, or trusted client to get money or information in a new form of phishing. They might hedge their bets by adding a ransomware virus to a phishing attack - 94% of ransomware attacks start with a phishing email.

And, before you smugly state that you’d recognize a phishing email, let me tell you about a study by Intel. The company ran a survey to determine how easily people would be able to pick up phishing emails. They had ten different examples and 19000 people took the survey.

Only 3% of us will recognize a phishing email every time. It’s time for every business, big or small, to take cybersecurity seriously.

How can Companies protect themselves against Cyber Threats?

When it comes to phishing emails in particular, and malware in general, knowledge and vigilance are your best lines of defense.

Step 1 - Email Scanning Software

Start by supplementing your antivirus protection with great email scanning software. Cloud-based apps can sniff out emails that look “phishy,” or that may contain malware and quarantine them for further inspection. The email is then held in the cloud until it’s either released by an authorized user or deleted permanently. The primary advantage of this kind of application or software is that it reduces the chance of human error.

Step 2 - Security Awareness Training

Your software will catch most of the dodgy emails, but employees must know how to recognize phishing emails if one or two slip through the net. They’ll also need to know about some of the other tricks that a hacker might employ.

Say, for example, a hacker loads up a USB with malware. They might come into your offices for an appointment and accidentally drop the USB. Someone on staff who knows no better will plug it in to find the owner and your system is infected.

There are so many scams out there that it’s hard to keep track. There will be gaps in knowledge for all of us. Fortunately, security awareness training can close those gaps so that you can present a united front against cybercrime.

Step 3 - Limit Access to Data

It’s a fact of the modern world. You can’t afford to trust everyone that works for you. An employee might decide to skim information to misuse or sell off later. They might be approached by a syndicate for the same reason. Some criminal syndicates even use plants within the company to gain access to the data.

There’s also the possibility that a disgruntled worker might decide to delete sensitive information or sabotage the system. It may sound like something out of a spy novel, but it’s something that does happen.

The best way to protect yourself here is to limit every employee’s access to the system to just the essentials that they need to perform their job. A cashier operating your point of sale system doesn’t need access to your company’s bookkeeping system.

It’s also essential to have a formal exit procedure in place, especially when it comes to employee access. One of your first tasks, as they walk out the door, should be canceling their access to the system.

Step 4 - Formalize Your Data Protection Procedures

It’s advisable to put a formal set of procedures in place to help remind your employees of good cybersecurity practices. Where possible, automate systems to ensure that they have no choice but to follow the rules. You could, for example:

  • Make passwords expire every thirty days
  • Lock out social media sites and limit internet access
  • Program your anti-virus software to scan every incoming file before allowing it to be opened

While you’re busy with those procedures, don’t forget to give staff rules on how to deal with outsiders visiting their workspaces. Hackers have been known to impersonate clients, contractors, and so on to gain physical access to the building. It’s an old-school trick, and it remains useful to them because hacking a system from a computer in the network is a lot easier.

When it comes to any visitor to your office, restrict their access as far as possible. And never let them wander around the building alone.

Final Notes

Security awareness can help to boost your data security by creating awareness of potential attacks and teaching your employees to defend against them. So, overall, it is a good idea to consider it.

On its own, though, it’s not enough. You’ll also need to implement some of the other tips that we’ve suggested here today.
