What Your Business Needs to Know About Cybersecurity
The digital revolution has come and gone, and companies that haven’t made the pivot to digital functionality are falling behind. With companies in every vertical becoming more and more digitally driven, the landscape of digital threats has also evolved. If you’re going to protect your business data and its customers, you need to keep up to speed on the state of cybersecurity and how to take appropriate precautions.
No One is Immune to Hacking
It is indeed the case that smaller, lesser-known businesses are less likely to be the target of a concerted attack than a large business like a bank, retailer, or hotel chain. But just because your business is off the radar doesn’t mean it’s completely safe from cyber threats.
Many hackers count on unaware, unprepared employees to steal money and information — specifically, the tendency of people to use duplicate passwords and login information. Data breaches are an all-too-common occurrence, with hundreds of millions of users’ information compromised every year.
If your login information is leaked for something seemingly unimportant like Pixlr, an online photo-editing application, it’s a matter of a few simple lines of code to try that same email and password on Gmail, Microsoft, major banking sites, and more. Given that 65 percent of users reuse passwords across multiple sites, it’s only a matter of time before a hacker finds something much more valuable.
IT Education is Vital
The IT world likes to refer to certain problems as “PEBKAC”: Problem Exists Between Keyboard And Chair. It’s a tongue-in-cheek way to indicate that the tech user is the issue, not the software or hardware, but it’s a real concern in today’s modern world.
In the past, computer systems were the purview of experts — IT departments handled the background technology and the average employee didn’t have to worry about it. Now, every employee in the company has access to email, cloud storage, task management, and third-party software that might include client data. As such, it’s vital that everyone in the company is informed and educated on the proper protocols around software and data usage.
Social Engineering Attacks
One of the most common types of cyber attack is a social engineering attack. These attacks are so named because rather than exploiting weaknesses in the software or infrastructure of a company, an attacker will attempt to convince a user to give up sensitive personal information. Unfortunately, these attacks are consistently successful. Types of social engineering attacks include:
- Baiting: using a false promise or exploiting a user’s curiosity to gain access to their data. This might include offering a free download or stream of a popular movie, for example.
- Scareware: bombarding a user with false alarms and fictitious threats. A website might tell users they need to enable notifications to proceed (which likely isn’t true), then show them notifications that their computer is infected with a virus and that they should download a particular tool to stop the virus. That tool will contain the malicious code itself.
- Pretexting: establishing a false premise to build trust, often by impersonating an authority figure, bank, loan officer, or other person with inside information. If you’ve ever gotten a spam call urgently telling you that your car’s warranty is expiring, you’ve seen a pretexting attack firsthand.
- Phishing: one of the most common social engineering attacks, phishing involves pretending to be someone you’re not, often by using carefully designed emails and even fake websites to fool people into entering their login credentials.
- Spear phishing: a subcategory of phishing, spear phishing targets specific individuals who are likely to have access to sensitive information. A spear phishing attack might impersonate a company’s IT staff and ask users to change their password, then direct them to a fake page where their new passwords can be captured.
Educating every single person in your organization on how to recognize these kinds of attacks is one of the best ways to avoid them — even one weak link can compromise the entire system.
Limit Access to Secure Information
Generally, the best way to keep malicious actors from obtaining sensitive information is not to have any sensitive information in the first place. That’s not always an option, since you’ll need to store client information and use third-party software on occasion, but you can at least limit the appeal of your business to hackers.
Take a hard look at the kind of customer data you’re storing, whether you’re storing it on the cloud or a local computer network, and whether you need to be keeping it. If you do need to hang on to sensitive information like credit card numbers, make sure you’re encrypting them — you can set up your storefront so that the computer has the ability to match someone’s card information against the number you have stored, even while no user at either end can actually see the number.
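The matching idea above can be sketched as follows. This is an added example, not code from the original article: it swaps reversible encryption for a keyed hash (HMAC-SHA-256), which is enough when the system only has to recognize a card and never read it back, and all function and variable names are hypothetical. A plain unkeyed hash would not do, because card numbers are short enough to guess exhaustively.

```python
import hashlib
import hmac
import secrets

# Assumption: in production this key comes from a secrets manager or HSM
# and is never stored in the same database as the fingerprints.
FINGERPRINT_KEY = secrets.token_bytes(32)


def normalize_pan(raw: str) -> str:
    """Strip spaces and dashes; reject anything that is not 12-19 ASCII digits."""
    digits = raw.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit() and 12 <= len(digits) <= 19):
        raise ValueError("not a card number")
    return digits


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to reject typos before any comparison is made."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def fingerprint(raw: str, key: bytes = FINGERPRINT_KEY) -> dict:
    """Build the record to store: a keyed hash plus the last four digits."""
    pan = normalize_pan(raw)
    if not luhn_ok(pan):
        raise ValueError("failed Luhn check")
    tag = hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()
    return {"fingerprint": tag, "last4": pan[-4:]}


def matches(raw: str, record: dict, key: bytes = FINGERPRINT_KEY) -> bool:
    """Constant-time check of a presented card against a stored record."""
    try:
        candidate = fingerprint(raw, key)["fingerprint"]
    except ValueError:
        return False
    return hmac.compare_digest(candidate, record["fingerprint"])


# Constructed sample input: 4111 1111 1111 1111 is a widely used test number.
stored = fingerprint("4111 1111 1111 1111")
```

If the business must charge the card again later, a fingerprint is not sufficient; that case needs encryption with managed keys or a payment processor's tokenization service.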
We also strongly recommend the use of a password manager. The main reason that people use the same password on multiple sites is that it’s easy to remember. A password manager takes that factor completely out of the equation. By requiring your employees to use a password manager, you can guarantee that they’re not using duplicate passwords, that they’re coming up with secure passwords, and that they’re changing their passwords with appropriate frequency. You can even establish passwords for important applications and share access with your employees without ever sharing the password itself.
Talk to the Experts
IT security and infrastructure is an increasingly complicated field, and it’s more and more difficult for a layperson to keep up. Not only is this an area that most business owners are unfamiliar with, but you simply don’t have time — you have a business to run, after all.
To truly secure your business against potential threats, we recommend employing the help of an outside consultant like Madison Taylor Technology. We can examine every aspect of your IT stack to look for weaknesses, redundancies, and gaps in coverage to ensure that your business and your customers are safe. If you’re ready to start taking cybersecurity seriously, talk to Madison Taylor Technology today.