Cybersecurity is a thorny subject. Everyone knows they need to protect their data. Everyone knows spam email can be dangerous.
But, because cybersecurity threats are constantly changing – and hackers are always looking for new ways to penetrate defenses – it can be difficult to pin down what, exactly, a responsible company needs to do in order to protect its data and its customers.
Not just huge companies
Data breaches are commonplace at this point; they were reported daily in 2018. Companies in all kinds of sectors were affected – retail, healthcare, education, social media, and more.
These breaches can expose enormous amounts of customer data, which is what happened to Marriott. Its breach of network security led to the theft of personal data of up to 500 million people. The breach occurred over a four-year period, which gives you an idea of how pervasive a data breach can be – and how easy it can be to miss indications that data is being illegally accessed.
Some of the companies who experienced data breaches in 2018, such as Facebook and Toyota, were large enough to have reasonably expected they would be targeted by hackers at some point. But, hackers don’t have a revenue threshold for taking aim at a company’s data. In fact, the majority (more than two-thirds!) of cyber attacks reported come from small businesses, according to CloudNexus.
And what if a small business is hit by a cyber attack? It could mean curtains. More than half of all small businesses that are the victims of hackers wind up closing within six months of the attack. That’s why it’s imperative for small and mid-sized businesses to take IT security seriously.
What can you do?
Though it’s impossible to create an impenetrable shield around your company’s data, there are a number of obstacles you can build to discourage cyber attack. For example, you can prevent spam emails by using an email filtering system, such as Mimecast. Spam emails are one way hackers fool end users into revealing information or introducing viruses to their companies’ systems.
Take the example of a school district in Florida that wound up wiring almost $2 million to a person masquerading as a trusted contractor. The con man was able to do this because he sent a spam email spoofing a legitimate company. Because the school didn’t realize the email was fraudulent, it led to a mess.
Two-factor authentication is also a good best practice. Programs such as Duo confirm identity in two different ways – like a password and a code texted to the user’s mobile device – in order to keep hackers from impersonating legitimate users.
Another important choice that responsible companies make is working closely with IT support and cybersecurity companies. These companies, such as BNC Systems, can provide security consulting tailored to the way you do business.
For example, an IT support company can execute a security-focused maintenance check that can identify and lock down exposure points, from firewall vulnerabilities to user rights and access, and more. Having that kind of security in place might not guarantee your business will never be hit by cyber attacks, but it can make it significantly less likely that it will happen. These types of security measures also make it easier to quickly identify and halt any attacks that might occur.
If you have questions about securing your business, please feel free to email BNC’s security team.