In our last article, we discussed how hacking small companies is a big business. We explained how smaller firms may be better targets for modern hacking groups who choose their victims based on system vulnerability instead of any actual vendetta. We also talked about some of the ways that your company could be vulnerable.
Now, let’s go a step further. How can you keep your small company safe from hackers?
Mounting a Good Defense
To prevent your company from being hacked, you need to have a good defense in place, it needs to be more than a malware scanner. Modern hackers are very advanced. Your organization needs to get out in front of any security problems before they happen.
The first thing you should do is update your systems. You may think you are saving money by running an outdated operating system or using a computer that would be old enough for kindergarten if it were a person. Step up and invest in having the newest operating system and a device that can handle it. Even a brand-new operating system needs periodic maintenance. A good maintenance program is essential.
Be Careful with Employees
Make sure that you take a careful look at your employees too. Sometimes your staff may want to log on to unsecured networks or fail to back up data. These habits leave you vulnerable, and they are easily avoided.
Also, never give someone access to information that they do not need to do their job effectively. The military calls this “need to know.” Further, always lockout employees when they leave the company. It doesn’t matter if they retire, quit, or stop showing up. They no longer need access, so don’t give it to them. Keeping former employees active in your system is a risk that you simply do not need to take.
Get smart about your passwords too, and abandon the outdated idea of using a random string of characters. They are difficult to remember and surprisingly easy to hack. Most experts recommend using passphrases instead. A passphrase is something easy to remember and hard to guess. A short sentence, like “I love my golden retriever,” is difficult to guess and takes longer to crack because of its length and (technical) complexity. Think that sentence may be too long for a password? Think again. Many people do not know this, but you can have up to 256 characters in your Microsoft password, so be creative.
Finally, take steps to be proactive. Use a technology consulting company like Aldrich Technology to assess where you might be vulnerable and make recommendations to remedy those threats. These firms can help you work within your budget to keep your company information safe. They can also monitor your network for potential issues and help you get back to business if you are ever hacked. A standard Aldrich Technology assessment can provide a good assessment of where you stand, offer some inexpensive suggestions, and help you design a road map for future budgeting.
What to Do If You've Been Hacked
Despite all of your best efforts, privately-held businesses may still be hacked. If that happens to you, your first step is to remain calm and change all of your company passwords immediately. Make sure that each new password is at least 12 characters long and that you never share that information electronically. Remember, if you are hacked, the hacker could still be lurking.
Next, talk to your insurance company, they can tell you who to contact and help you minimize the impact. Many companies have “common sense” to not tell anyone. This is not always the most effective choice.
You should contact a technology firm. Get somebody like Aldrich in to do a damage assessment and see how badly you’ve been hacked. We can help you with the next steps. Aldrich will advise you on how to make a legal disclosure after a hack, and we can monitor your network for any backdoor the hackers may have inserted in your system. Contact us today to learn more.
Vice President, Technology Operations
Aldrich Technology LLC
Rick Koski leads technology operations for Aldrich Technology. After successful careers as a nuclear submariner and as an engineer with Lam Research, Semi Sematch and Critical IT Solutions, Rick became partners with Lighthouse IS founder Peter Adams in 2005. Rick has the unique ability to cut through technical complexity and give an executive clear, actionable…
- Networking and infrastructure
- Technology roadmapping
- Business systems