20 January 2016

Protecting Your Business From Cybercrime


If there's one truth in today's cyber age, it's that no business is immune from a cyberattack. Given the increasing amount of business information that's stored online—or in external-facing (aka Internet-connected) devices—it shouldn't come as a surprise that there are a seemingly endless number of cyber criminals out there vying for your data and pertinent information.

While an attacker may reap a more significant reward from hacking into a larger company, it's a lot easier—and, in some ways, can be more lucrative—to target small businesses. This is primarily because, simply put, small businesses think they're too small to be attacked. They don't have the big bucks to invest in an IT department, so they often forgo an IT defense system altogether. This is a huge mistake.

It doesn't have to cost a lot to avoid becoming a victim of cybercrime. Essentially, you need a two-pronged defense strategy—one that keeps external threats out and simultaneously manages the internal ones. There are a few elements you can implement to do this effectively, without breaking the bank.

External threats

Detecting an unprotected network is rather easy to do. Cyber criminals deploy automated searches using botnets—a type of code—that run scans of various networks and send reports back to the attacker. The simplest way to prevent an attack, therefore, is to protect your system from being identified by the attackers and botnets in the first place.

The best way to do this is by installing a firewall. You may need assistance in configuring this defense measure—which really won't cost very much—but essentially you want to choose the setting "deny all" to prevent all external threats from entering your network. Once that's done, you can create an approved list of sites and network traffic that the firewall can allow in.
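The "deny all" setting plus an approved list, modelled as a small added example (not from the original article or any firewall vendor). The rule format, addresses and port list are constructed for illustration, and only inbound connection attempts are modelled.

```python
# Added illustration: inbound "deny all" policy with an approved list.
# All rule values and addresses below are constructed samples.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    source: str  # CIDR block allowed to connect
    port: int    # destination TCP port
    note: str    # why the exception exists


# Constructed approved list (addresses from documentation ranges).
APPROVED = [
    Rule("0.0.0.0/0", 443, "public HTTPS site"),
    Rule("203.0.113.0/24", 22, "SSH from the IT contractor's range"),
]


def decide(src: str, port: int, rules=APPROVED, default: str = "deny") -> str:
    """Return 'allow' if an approved rule matches, else the default policy."""
    addr = ip_address(src)
    for rule in rules:
        if addr in ip_network(rule.source) and port == rule.port:
            return "allow"
    return default


def exposed_ports(src: str, ports, default: str):
    """Ports that an outside host at `src` would find reachable."""
    return [p for p in ports if decide(src, p, default=default) == "allow"]


# Constructed sample of ports an automated scan might probe.
SCAN = [22, 23, 80, 443, 3389, 8080]

if __name__ == "__main__":
    scanner = "198.51.100.7"  # constructed outside address
    print("default deny :", exposed_ports(scanner, SCAN, "deny"))
    print("default allow:", exposed_ports(scanner, SCAN, "allow"))
    print("contractor   :", exposed_ports("203.0.113.10", SCAN, "deny"))
```

With the default set to deny, the scanner sees only the one service that was deliberately published; with a default of allow, every probed port answers regardless of the approved list.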

Another way to combat external threats is to change all your defaults—namely, the default passwords on all external-facing devices (such as your router and firewall), as well as the names of your wireless networks. A virtually impenetrable password is at least 15 characters long, with a good mix of numbers and upper and lower case letters.

When it comes to naming your wireless network, avoid anything that would allow an outsider to figure out which network is yours. The more obscure the name, the better—and always make sure to have a strong password and the wireless encryption turned on.

To make sure you've plugged as many external security holes as possible, take advantage of free online network scanners available at websites like qualys.com. These sites scan your system for known vulnerabilities and offer suggestions to fix any holes. Performing this 15-minute scan every quarter is a baseline recommendation so you are aware of any recent security weaknesses in your network.

Internal threats

For most "inside jobs" there were likely some existing weaknesses or vulnerabilities in internal IT security and controls. When it comes to protecting your company's data and important information from the inside, your ultimate goal is to remain in control—and limit the number of people who have access to your classified information.

Many of the steps required to achieve this are very similar to managing external threats—strong passwords, for example, are essential when protecting important areas of information. You also want to use reputable, up-to-date anti-malware and anti-virus software, and ensure only Administrators have access to such installations.

Lastly, it's critical to have a good method of backing up your data—and for most small businesses, the cloud is the safest and most cost-effective way to do this. Backing up important information properly will allow your business to recover from loss due to theft, hardware malfunctions or data corruption.

While leveraging some IT security consultants is never a bad thing, by following the above steps you can keep those costs to a minimum, and set down some basic but critical security measures to keep your business networks safe.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
