How to Protect Your Business from Cyber Attacks

by Hesam Lamei

If you are under the impression that your business is too small to be an attractive target for cyber-attacks, or that you don’t have any data worth accessing, think again. A 2012 Data Breach Investigations Study by Verizon shows that of the 855 data breaches they examined, 71 percent occurred in businesses with fewer than 100 employees. Verizon's 2013 Report shows attacks on small business increased in record numbers as well.

So how does a small or mid-size business prevent security threats? Having run an eBay business and now as the CEO of a computer hardware and services company with heavy online activity, I’ve learned a lot over the years. Here are some ways to avoid becoming the next target:

Be Vigilant

SMBs can benefit by being on the lookout. A lot of potential security breaches come from nefarious websites capturing data, suspicious links, or from downloading programs from non-legitimate websites and providers. These types of activities lead to malicious activity on your computer by creating malware or backdoors for hackers. The most sophisticated hacker doesn’t always attack the company server because there are easier access points. Some of the biggest and easiest threats you come across are hackers sending phishing emails to end users. We sell thousands of products on eBay and receive lots of eBay and PayPal emails. Of these, I receive 2-3 phishing emails every single day. I’ve had enough experience to know to review the URL, look to see if it is addressed to me, and review how the subject line is written. Many of these appear to be very legitimate looking websites. Yet too many times users provide them with the information they are looking for, resulting in employee machines getting infected with malware. Once malware or the hacker is on the machine, it leads to data loss, breaches, and too many access points to the whole organization.

The best way to combat phishing schemes is to utilize a good email provider. Good email service providers will alert you if an email is suspicious or from a location other than what is presented. For example, Google Business, a cloud provider for business-class email application offers the technology to flag "spoof" email and provide an alert of suspicious activity. Companies like Google are aware of what IP addresses are legitimate and have a range block to determine and flag suspicious activity. The application does some of the work but ultimately awareness and discretion allow a user to block suspicious security threats. Also, consider preventative software to handle security threats. There are a variety of other security software options to place on the network for protection, such as intrusion detection software, that can help you be on the lookout for malicious activity. There are many providers of these types of software out there, such as Symantec or Microsoft. My best advice is to be vigilant and protect yourself with a solid email service and software that helps protect you from security threats.

Educate Your Team

Good leadership will ensure employees are properly educated on how to be aware of potential cyber attacks. Have your IT team or your outsourced IT provider help educate your staff and talk to your team about phishing and malware as well as what steps they need to take to avoid falling victim. For instance, if an email is not addressed to you personally, then it is most likely phishing. If it's anything from a big site it will use your name, not address you as "dear buyer," "dear seller," or "dear merchant." These are just phishing emails and the sender is confident you will more than likely click on the links. Be aware of what’s best for your organization and disseminate that knowledge to your team.

Secure Devices from Theft

So often we worry about the technical side of things that we completely forget about physical security. It's important that you take the necessary steps to protect your merchandise, making sure it isn’t accessible to be physically taken. There are plenty of criminals out there who will dress up to fit into your office setting, make their way into a busy office to see who’s laptop or smart phone is sitting around, and slip out the door. It happens more than you’d expect.

Plan for Safer Network Access

Another thing to consider is network access. Things can happen. Especially with Bring Your Own Device (BYOD) becoming so popular, it's important to take safe measures for employees utilizing their own devices at home and in the office. Another network risk involves employees working from home and accessing the company network. Most companies make sure employees have a VPN tunnel between a home office and the company. If not, several mobility and BYOD-focused companies offer services to make sure you are secure at home and at work.

Backup & Replication

All that aside, you can take all the safety measures in the world and still get hacked or breached. The best way to protect your network is to take preventative measures and have backup and replication measures set in place. A daily and weekly backup of data and replication to numerous locations is a security best practice. Take images of your server, as well as employee laptops, so in the event someone loses a laptop, or the hardware is breached, IT can reimage a new one, shutdown the account information on the old one, and make sure the network is secure and not compromised. Consider off site or cloud backups, as it has become very affordable and provides you with an additional option for a solid disaster recovery plan.

Cyber attacks are unavoidable and are now a major concern for companies of all sizes. While SMBs might not be the primary target of most sophisticated security attacks, they are becoming a more vulnerable option every day. SMBs need to expect, plan and empower employees to know how to identify potential threats and respond. There are quick and effective preventative measures you can take to protect your business. You just need to make it a priority so you don’t become the next target.