It’s 2 am and the police are calling. You just had a break-in at the office. You hurry to get there. The safe in the sales office was found open – and empty – and a couple of your computers are missing. You work with the police to start the detective work to figure out how this happened. Was the safe left open by accident or did someone intentionally break in? Who was the last to leave the office? Who has keys to the building? Was the building locked when the last person left? As you sort through these questions, how many are simple to answer and how many require help from one of your managers?
What would you have done if the call came from a disgruntled customer who had his credit run without his authorization? Would your employees accidentally send a company wire to a bogus account posing as a dealership? Break-ins don’t always come through the front door. Today the threat is through our computers and mobile devices. Cyber security is more important than ever. Many small and mid-size companies are at risk for a cyber-related attack.
Many individuals and companies believe that a hacker wouldn’t want the information on their computers. Where are you storing your customers’ social security numbers and dates of birth? If you aren’t storing your customers’ sensitive information on your computer, what’s the risk? Security expert Brian Krebs says that most people are misinformed or not educated on the subject and depicts the vulnerability of your hacked PC.
You may be more at risk than you thought. Several queries and transactions are completed on your computers every day: company bank statements, transactions, software logins to run your customers’ credit bureau reports, as well as the hundreds of emails between you and your customers and/or vendors. If someone were tracking your keystrokes throughout the day, what would they gain access to? Is your company vulnerable to a cyber attack?
What are you doing right now to protect your company’s and customers’ information held on your business computers? We have identified 7 ways to protect your company and prevent a cyber attack.
1. Train your employees
Your employees are one of your biggest assets in your defense against a cyber attack – but can also become your biggest risk if they are not trained. According to Dobson Technologies, “Most breaches occur because an employee clicked on a link or provided information that allowed a cybercriminal access to the network.”
Employees should be trained to review the senders of emails for authenticity. An annual or biannual training can bring awareness to new cyber threats, which are constantly changing. Many fraudulent emails rely on a simple click to unknowingly download a virus.
“Employees who work in the accounting and F&I departments are most at risk for being targeted by sophisticated email scams.” Your employees may receive an alert to an issue with the bank account or wire transfer request. Cyber threats come in many forms. If you are not vigilant about awareness and training, you could fall victim to a scam costing your business thousands of dollars.
2. Limit employee access and delete inactive users
Create individual logins for your employees. Using individual logins gives you complete control over access: granting permissions and removing access when employees leave the company. Many CRM and software programs allow you to review a log of your employee activity. You lose this functionality when employees are sharing logins.
Don’t share logins. Do you only have one login for your _____ account? Ask the vendor to set up more user accounts. You are protecting your company by doing the extra legwork to set up additional users.
When setting up a user account, review the employee’s job duties and avoid granting unnecessary access. Be conservative in the access you grant. “Unauthorized people should not have access to company computers and accounts.” Should the user be able to view reports or complete transactions? Spending more time on the setup of new users will pay dividends in the future.
Delete inactive users. Keep a log of what software and websites each employee has access to. When the employee leaves the company, promptly remove access. If they were a primary contact, this allows you to appoint the correct replacement and not flounder when an issue arises.
3. Choose robust passwords and change them often
Although we all hate the complicated passwords we can’t remember, these passwords aren’t as common and protect our accounts – the very reason passwords exist altogether.
The Next Web recommends “requiring the use of capital letters, numbers and symbols (or combinations thereof)” to increase the strength of your passwords. “Strong passwords that are difficult for hackers to brute-force their way through are even more effective than regularly changing weak passwords.”
Change passwords frequently. For the most protection, force your employees to update passwords at least every 90 days.
4. Use a two-step verification process
Further increase your password security by requiring a second way to identify authorized users. A two-step verification process requires the user to obtain an access code sent to their email or cell phone, for example. The user then enters this one-time code at the time of login to verify their identity. The Next Web states, “Having a two-step verification process adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password.” Dobson Technologies also recommends two-step authorization: “Access control to your computer network is paramount to security, which starts with confirming a user’s identity with two different components for access.”
5. Back up your CRM and information held on computer hardware
Regular backups of your computers and software should be completed daily or weekly. Most backups can be automated and scheduled from offsite, alleviating a manual task from your IT staff. “If you backup your files regularly, you are nearly impervious to ransomware, and don’t need to worry about corrupted or deleted files, in case of a cyber-attack.” According to Forbes.com, “All important information should have a copy.”
6. Continually update your security software and firewalls
Hire an expert to manage your technology and website security. If your website security is being managed by an employee, ensure they are being constantly ed