In our last article, we discussed how hacking small companies is a big business. We explained how smaller firms may be better targets for modern hacking groups who choose their victims based on system vulnerability instead of any actual vendetta. We also talked about some of the ways that your company could be vulnerable.
Now, let’s go a step further. How can you keep your small company safe from hackers?
Mounting a Good Defense
To prevent your company from being hacked, you need to have a good defense in place, and it needs to be more than a malware scanner. Modern hackers are very advanced. Your organization needs to get out in front of any security problems before they happen.
The first thing you should do is update your systems. You may think you are saving money by running an outdated operating system or using a computer that would be old enough for kindergarten if it were a person. Step up and invest in having the newest operating system and a device that can handle it. Even a brand-new operating system needs periodic maintenance. A good maintenance program is essential.
Be Careful with Employees
Make sure that you take a careful look at your employees too. Sometimes your staff may want to log on to unsecured networks or fail to back up data. These habits leave you vulnerable, and they are easily avoided.
Also, never give someone access to information that they do not need to do their job effectively. The military calls this “need to know.” Further, always lock out employees when they leave the company. It doesn’t matter if they retire, quit, or stop showing up. They no longer need access, so don’t give it to them. Keeping former employees active in your system is a risk that you simply do not need to take.
Get smart about your passwords too, and abandon the outdated idea of using a random string of characters. Such strings are difficult to remember and surprisingly easy to hack. Most experts recommend using passphrases instead. A passphrase is something easy to remember and hard to guess. A short sentence, like “I love my golden retriever,” is difficult to guess and takes longer to crack because of its length and (technical) complexity. Think that sentence may be too long for a password? Think again. Many people do not know this, but you can have up to 256 characters in your Microsoft password, so be creative.
Finally, take steps to be proactive. A cybersecurity expert can help assess where you might be vulnerable and make recommendations to remedy those threats. They can also monitor your network for potential issues and help you get back to business if you are ever hacked.
What to Do If You've Been Hacked
Despite all of your best efforts, privately held businesses may still be hacked. If that happens to you, your first step is to remain calm and change all of your company passwords immediately. Make sure that each new password is at least 12 characters long and that you never share that information electronically. Remember, if you are hacked, the hacker could still be lurking.
Next, talk to your insurance company. They can tell you whom to contact and help you minimize the impact. Many companies follow the “common sense” instinct to not tell anyone. This is not always the most effective choice.
Instead, contact a cybersecurity expert to do a damage assessment and see how badly you’ve been hacked. If your company is the victim of an attack and needs help with next steps, let’s talk.