Identity theft, hacking, and other cyber attacks such as DDoS attacks can be detrimental to a business, leaving employees, customers, and company information vulnerable. Once information has been stolen, it is virtually impossible to “unsteal” it. Think that only large corporations are being targeted? Think again. According to the National Security Alliance, about 20% of small businesses suffer a cyber attack, and 60% of those attacked have to shut down their business in less than 6 months after the attack.
A recent Forbes article noted that while CEOs rarely get fired, a company-wide security breach is one of the few business mistakes that can cost leaders their jobs. One of the best ways to avoid a security breach at your company is to make sure employees are well informed of cyber risks and of the ways they can avoid them. Whether you are in charge of your company’s information technology, or you just happen to use a computer, phone, or mobile device in your daily life, you should know these tips for preventing a cyber attack:
Tips for everyone:
- Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.
- Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.
- Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate.
- Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.
- Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.
- Pay close attention to website URLs. Check the URL of every website you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
- Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
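The URL tip above can be automated. The following is an added example, not part of the original article: it compares a link's host against a short list of sites you actually use and flags a misspelled name or a swapped domain ending. The trusted hosts are constructed sample values, and the sketch assumes single-label endings such as .com or .net.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hosts the user really does business with.
TRUSTED_HOSTS = ["examplebank.com", "example-shop.net"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def split_host(host: str):
    """Split 'www.examplebank.com' into ('examplebank', 'com').
    Assumes a single-label ending; a production tool would use the Public Suffix List."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, tld = host.rpartition(".")
    return name, tld

def classify_url(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Return 'trusted', a 'lookalike: ...' verdict, or 'unknown' for a full URL."""
    name, tld = split_host(urlsplit(url).hostname or "")
    verdict = "unknown"
    for t in trusted:
        t_name, t_tld = split_host(t)
        if (name, tld) == (t_name, t_tld):
            return "trusted"
        if name == t_name:
            # Same name, different ending (.com instead of .net and so on).
            verdict = f"lookalike: wrong domain ending for {t}"
        elif tld == t_tld and 0 < edit_distance(name, t_name) <= 2:
            # Same ending, name differs by one or two characters.
            verdict = f"lookalike: misspelling of {t}"
    return verdict

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login", "https://examplebank.net/login",
              "http://examp1ebank.com/", "https://news.example.org/"):
        print(u, "->", classify_url(u))
```

A verdict of "unknown" only means the host is not on the list; it is not a statement that the site is safe.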
Tips for IT employees and managers:
- Passwords. The admin level of your website is an easy way into everything you do not want a hacker to see. Enforce user names and passwords that are difficult to guess (including varying cases, characters, and numbers) and that are changed frequently. Additionally, passwords should never be written down or posted anywhere public on the computer.
- Hide admin pages. Hiding them reduces ease of access and vulnerability into the back end of your website, where sensitive data is often stored. In addition to not including the admin page on your site, be sure to not index it so it can’t be found on the web.
- Use SSL. Use an encrypted SSL protocol to transfer users’ personal information between the website and your database. This will prevent the information from being read in transit and accessed without the proper authority.
- Remove form auto-fill. When you leave auto-fill enabled for forms on your website, you leave it vulnerable to attack from any user’s computer or phone that has been stolen. You should never expose your website to attacks that utilize the laziness of a legitimate user.
- Back-up frequently. Just in case the worst happens anyway, keep everything backed-up. Back up on-site, back up off-site, back up everything multiple times a day. Every time a user saves a file it should automatically back up in multiple locations. Backing up once a day means that you lose that day’s data when your hard drive fails. Remember every hard drive will fail.
- Bring a cyber security expert into your company. Security experts such as former FBI agent, Eric O’Neill, or the world’s most famous hacker, Kevin Mitnick, who has now dedicated his career to helping corporations avoid malicious cyber attacks, can share inside knowledge about how to keep your business safe. Who can better teach your organization how to stay safe, than the hackers themselves?
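For the "Hide admin pages", "Use SSL" and "Remove form auto-fill" tips above, a small check that can be run against a fetched admin page. This is an added example, not part of the original article; the host `intranet.example` and both sample responses are constructed, and the check assumes that "not indexed" is expressed with a `noindex` directive in the `X-Robots-Tag` header or a robots meta tag.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class PageScan(HTMLParser):
    """Collects the robots meta directive and per-form settings."""
    def __init__(self):
        super().__init__()
        self.meta_robots, self.autofill_forms, self.http_actions = "", 0, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.meta_robots = a.get("content", "").lower()
        elif tag == "form":
            if a.get("autocomplete", "").lower() != "off":
                self.autofill_forms += 1
            if a.get("action", "").lower().startswith("http://"):
                self.http_actions.append(a["action"])

def audit_admin_page(url, headers, html):
    """Return findings for one fetched admin page; an empty list means pass."""
    scan = PageScan()
    scan.feed(html)
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("page served without SSL/TLS")
    findings += [f"form posts over plain HTTP: {a}" for a in scan.http_actions]
    if "noindex" not in hdrs.get("x-robots-tag", "") + " " + scan.meta_robots:
        findings.append("page can be indexed (no noindex directive)")
    if scan.autofill_forms:
        findings.append(f"{scan.autofill_forms} form(s) leave auto-fill enabled")
    return findings

# Constructed sample responses (hypothetical host intranet.example).
WEAK = ("http://intranet.example/admin", {"Content-Type": "text/html"},
        '<form action="http://intranet.example/admin/login" method="post">'
        '<input name="user"><input type="password" name="pw"></form>')
FIXED = ("https://intranet.example/admin", {"X-Robots-Tag": "noindex, nofollow"},
         '<form action="/admin/login" method="post" autocomplete="off">'
         '<input name="user"><input type="password" name="pw"></form>')

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_admin_page(*sample))
```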
The content writers at BigSpeak Speakers Bureau are Experts on the Experts. They hold doctoral, masters, and bachelors’ degrees in business, writing, literature, and education. Their business thought pieces are published regularly in leading business publications. Working in close association with the top business, entrepreneur, and motivational speakers, BigSpeak content writers are at the forefront of industry trends and research.