This month, hearings are being held in Washington related to the reported hacking of the U.S. electoral system by Russian operatives. In addition, every few months we read of high-profile cases that tell the story of employees or cyber criminals arrested for stealing identities and other data from large organizations. There is one clear message for business owners: hacking and data theft are the new normal. No business owner can prevent all high-tech mischief, but understanding the types of cyber crime and how to deter them is an important first step.
Security and Antivirus Software
Strike first by installing computer security software that operates in the background, places a firewall around your network, and sweeps for viruses, spyware, and other malware. For small shops, many ISPs (internet service providers) offer free subscriptions to Norton™ Antivirus Security or McAfee® Total Protection within their internet package. If one is included, ensure that you download the protective software onto each office computer from your ISP’s website (there should be a link within the business customer tab). If security software is not available, purchase an antivirus subscription for your office network and be sure it is updated regularly (this can be automated). Consider one of these 13 security solutions that Sara Angeles reviewed for Business News Daily.
Passwords
It might seem obvious, but ensuring that passwords are hacker-proof is an effective obstacle that some companies overlook. Weak passwords are the equivalent of leaving your shop door unlocked at night. Large businesses may use a password manager (see link under Resources below), but small businesses should heed these tips from the experts:
- Do not use obvious passwords such as 12345, QWERTY, the name of your spouse or pet, or your birth date.
- Avoid using any password that relates to your company or your network. Change default passwords that came with your router or internet network immediately.
- Because hackers use “brute-force” search techniques (automated test protocols) to discover passwords, the greater the length, the greater the reduction in risk. Passwords should include 10 to 12 unique upper and lower case letters, numerals, and characters in order to repel brute-force hacking.
- Change your organizational passwords frequently. Compartmentalize your computers, and avoid allowing employees to share password information. For more on passwords and other security tips, check out Kim Komando’s website.
Company-wide Preparedness
Finally, only you and your employees can deter or prevent cyber intrusions. Begin by training your employees about cyber security, including ways to avoid an attack. Below is a list of some of the more common terms.
Cyber Speak
Bots or Botnets – malicious software robots that look for vulnerable websites in which to plant malware or steal data
Cyber Extortion – Hackers lock down your computer in exchange for payments to restore access. This is known as ransomware.
DoS (Denial of Service) Attack – coordinated website “hits” designed to crash your website
Malware – any malicious software or code that can infect your computer system such as Trojans, viruses, worms, bots, logic bombs, etc.
Phishing Scams – often launched via email, phishing mirrors legitimate web communication such as an email from your bank, complete with official logos (“spoofing”) in order to cause an unsuspecting recipient to respond with personal information.
Spyware – Downloaded to reside on your computer, spyware collects personal information about your computer use. Spyware and tracking cookies – also used by advertisers – are often delivered via free software downloaded from the internet.
In general:
- Warn employees not to open or download attachments or click on links in emails from unknown sources. Doing so may introduce a Trojan, ransomware, or spyware.
- Let employees know that the IRS, Federal and State government agencies, or financial institutions will never notify or threaten to prosecute you by email or phone. No matter how official or threatening the email appears, it is most likely a phishing scam, which tries to frighten a victim into giving out personal or confidential information. Even if an email looks genuine, always contact the institution directly to confirm email content or notify the IT manager. Warn employees never to transmit sensitive information in an email unless it is encrypted.
- Do not allow employees to download unapproved software onto the network. This includes “free” internet content from emails, social media, or websites that offer freebies such as videos, music, games, or helpful computing utilities. Malware tricks employees into installing malicious software that can then lock down a computer or network until a ransom is paid. Alternatively, it can invade screens with pop-ups, slow down the network system, or in the worst-case scenario, wreak havoc by stealing financial information. Effective security software will distinguish safe websites from those that can harm a network.
- Finally, train all new and existing employees on cyber security and the appropriate use of company technology. Prepare an employee technology agreement and keep signed copies on file.
Because technology and cyber crime are continually evolving, it pays to be vigilant. Hire a talented IT professional to administer your network and protect your company’s confidential information. Alternatively, find a good IT contractor who can set up a secure system, test it, and administer periodic upgrades.
At Partnership Employment, we spend as much time getting to know your organization’s unique requirements as we do screening our candidates. Let the professionals at Partnership Employment help you find a trusted IT expert to manage and protect your computer network system. Contact us today!
Additional Resources:
- Password Management Software, reviewed by PC Magazine
- Securing Your Wireless Network – Federal Trade Commission
- Computer Security – Federal Trade Commission
- Wireless Connections and Bluetooth Security Tips – Federal Communications Commission