Preventing a Cyberattack on Your Business

Securing your company online begins with training your team on how to safeguard sensitive data.

Think your business can withstand a cyberattack? No matter how strong your firewalls are, your company’s risk is probably higher than you think.

The number one cybersecurity threat is social engineering, which is the manipulation of people to get them to surrender sensitive data, says Terry M. Evans, president of Cybersecurity Biz, a firm that specializes in protecting small and medium-sized businesses. “Human beings are always the weak link.”

PricewaterhouseCoopers’ 2018 Global Economic and Fraud Survey reported that of all respondents who reported cybercrime as the most disruptive form of fraud they face, 14 percent lost at least one million dollars because of it. Here’s how your business’s leadership team can make sure your firm doesn’t meet the same fate.

Start with the basics. Every employee should be running updated antivirus software, changing their passwords frequently and ensuring that firewalls are in place on their workstations. With the increase in use of a “virtual” office, firewalls must also be used when employees are working remotely, Evans says. One of the best things small businesses can do is set up a virtual private network (VPN), which employees can access remotely and securely when they’re not on the office network.

Create policies that address network access. Determining who has network access should not be left up to chance. Evans has seen instances in which employees have left a company and six months later were able to sign in to the company’s network using their old passwords. Policies should be in place that track who has access and when that access should change.

Beware low-tech methods. While cybercriminals can find hacking tools for free online, they’re not above using simple methods such as dumpster diving or the telephone. A common tactic used by hackers is to conduct research on social media, identify a new employee and call that person posing as a vendor or information technology employee. “I’ve seen new employees actually give up their password,” Evans says. To prevent this, alert employees to the threat of cyberattacks, and instruct them to refrain from sharing sensitive information via phone unless they can verify the caller’s authenticity.

Limit downloads. With employees spending so much time on the Internet, online security should be top of mind. “A lot of viruses and malware are introduced when people download software filled with bugs,” Evans says. Along the same lines, instruct employees to refrain from using devices such as portable drives if they don’t know where they came from. A common trick is for hackers to leave a USB drive on a desk and when someone plugs it in, it can infect the company’s network, Evans warns.

Communicate new threats. Cybersecurity isn’t a topic meant to be broached once and then forgotten. Make sure employees know about new scams and risks as they occur. For example, employees may be familiar with phishing, which is the use of fraudulent e-mails to solicit personal information. But they may not know that spear phishing is a more sophisticated form of phishing in which a hacker actually researches your company and includes terms or names in the e-mail that are relevant to your company. By letting employees know of such threats, they may be more alert.

While there is no bulletproof way to be 100 percent safe from cybercriminals, simple, cost-effective steps can mitigate those risks, Evans says. “When you look at return on investment, cybersecurity costs a small amount of money compared to losing your business over something that you can prevent.”

Looking for more ways to safeguard what’s important to your business? American Family has a host of business resources to help you make your business run as smoothly as possible.