10 Ways To Protect Your Business From Cyber Attacks


Computer hacker Kevin Mitnick’s tell-all book “Ghost In The Wires” hit the shelves this week, adding even more media buzz to the frenzy of cyber-attacks in the past year.

Groups like Anonymous and LulzSec have constantly appeared in headlines, and the nation’s most seemingly sturdy companies — like Citigroup, Google and Lockheed Martin — have all fallen victim to one attack or another.

There’s no need to panic, especially if you’re a small business (since larger entities are usually the targets), but it’s imperative to take precautions. Symantec’s 2010 threat report estimates that 75% of enterprises experienced some form of cyber attack during the year prior, and with all that important data you have stashed away, the consequences of a breach can be dire.

We consulted Roland Cloutier, Chief Security Officer for ADP and a board member for the National Cyber Security Alliance, and Matt Watchinski, Senior Director of the Vulnerability Research Team for cybersecurity provider Sourcefire, to find out the most important steps every small business should be taking to protect itself from cybercrime.

Establish strong passwords

Implementing strong passwords is the easiest thing you can do to strengthen your security.

Cloutier shares his tip for crafting a hard-to-crack password: use a combination of capital and lower-case letters, numbers, and symbols, and make it 8 to 12 characters long.

According to Microsoft, you should definitely avoid using:

  • any personal data (such as your birthdate)
  • common words spelled backwards
  • sequences of characters or numbers, or those that are close together on the keyboard

Use their convenient password checker to see how strong yours is.
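
The rules listed above, written out as a small checker. This is an added illustration, not Microsoft's checker or code from the article; the word list, the run length of 4 and the function names are assumptions.

```python
import string

# Assumed inputs for the illustration (not from the article):
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ALPHABET_RUNS = [string.ascii_lowercase, string.digits]
# Tiny constructed word list; a real check would use a large dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}

def _has_run(pw, sources, run=4):
    """True if pw contains `run` consecutive characters of any source,
    read forwards or backwards (e.g. 'abcd', '4321', 'qwer')."""
    low = pw.lower()
    for src in sources:
        for seq in (src, src[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def check_password(pw, personal=()):
    """Return the list of rules from the article that pw breaks."""
    problems = []
    if not 8 <= len(pw) <= 12:          # length range given in the article
        problems.append("length")
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if not all(classes):                # capitals, lower case, numbers, symbols
        problems.append("character mix")
    low = pw.lower()
    if any(p and p.lower() in low for p in personal):
        problems.append("personal data")
    if any(w[::-1] in low for w in COMMON_WORDS):
        problems.append("reversed common word")
    if _has_run(pw, ALPHABET_RUNS):
        problems.append("character sequence")
    if _has_run(pw, KEYBOARD_ROWS):
        problems.append("keyboard sequence")
    return problems

if __name__ == "__main__":
    for candidate in ["Qwerty12!", "drowssaP1!", "Tr7#kLm9$w"]:
        print(candidate, check_password(candidate))
```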

As for how often you should change your password, Cloutier says that the industry standard is 'every 90 days,' but don't hesitate to do it more frequently if your data is highly sensitive.

Another key: make sure every individual has their own username and password for any login system, from desktops to your CMS. 'Never just use one shared password,' says Cloutier.

And finally, 'Never write it down!' he adds.

Put up a strong firewall

In order to have a properly protected network, 'firewalls are a must,' Cloutier says.

A firewall protects your network by controlling internet traffic coming into and flowing out of your business. Firewalls are pretty standard across the board -- Cloutier recommends any of the major brands.

Install antivirus protection

Antivirus and anti-malware software are essentials in your arsenal of online security weapons, as well.

'They're the last line of defence' should an unwanted attack get through to your network, Cloutier explains.

Update your programs regularly

Making sure your computer is 'properly patched and updated' is a necessary step towards being fully protected; there's little point in installing all this great software if you're not going to maintain it right.

'Your security applications are only as good as their most recent update,' Watchinski explains. 'While applications are not 100 per cent fool-proof, it is important to regularly update these tools to help keep your users safe.'

Frequently updating your programs keeps you up-to-date on any recent issues or holes that programmers have fixed.

Secure your laptops

Because of their portable nature, laptops are at a higher risk of being lost or stolen than average company desktops. It's important to take some extra steps to make certain your sensitive data is protected.

Cloutier mandates 'absolutely: encrypt your laptop. It's the easiest thing to do.'

Encryption software changes the way information looks on the hard drive so that, without the correct password, it can't be read.

Cloutier also stresses the importance of never, ever leaving your laptop in your car, where it's an easy target for thieves. If you must, lock it in your trunk.

Secure your mobile phones

Cloutier points out that smartphones hold so much data these days that you should consider them almost as valuable as company computers -- and they're much more easily lost or stolen. As such, securing them is another must.

The must-haves for mobile phones:

1. Encryption software

2. Password-protection (Cloutier also suggests enabling a specific 'lock-out' period, wherein after a short amount of time not being used, the phone locks itself)

3. Remote wiping enabled

Remote wiping is 'extremely effective,' Cloutier says, recounting the story of one executive who lost his BlackBerry in an airport, after he had been looking at the company's quarter financials. The exec called IT in a panic, and within 15 minutes they were able to completely wipe the phone.

Back up regularly

Scheduling regular backups to an external hard drive, or in the cloud, is a painless way to ensure that all your data is stored safely.

The general rule of thumb for backups: servers should have a complete backup weekly, and incremental backups every night; personal computers should also be backed up completely every week, but you can do incremental backups every few days if you like ('however long you could live without your data,' Cloutier explains).

Getting your data compromised is a painful experience -- having it all backed up so you don't completely lose it will make it much less so.

Monitor diligently

'All this great technology... is no good unless you actually use it. You have to have someone be accountable for it,' says Cloutier.

One good monitoring tool Cloutier suggests is data-leakage prevention software, which is set up at key network touchpoints to look for specific information coming out of your internal network. It can be configured to look for credit card numbers, pieces of code, or any bits of information relevant to your business that would indicate a breach.

If you don't monitor things, warns Cloutier, 'it's a waste of time and a waste of resources.' And you won't know that you've been compromised until it's far too late.

Be careful with email, IM, and surfing the web

Educate your employees

Teaching your employees about safe online habits and proactive defence is crucial.

'Educating them about what they are doing and why it is dangerous is a more effective strategy than expecting your IT security staff to constantly react to end users' bad decisions,' Watchinski says.

It's not easy: 'One of the most difficult things to do is protect end users against themselves,' he adds. But ultimately, prevention is the best approach to handling your data security.

Make sure your employees understand how important your company's data is, and all the measures they can take to protect it.
