Think You’re Safe from Cybercrime? Think Again
August 10, 2018
Tips to secure your data, protect customer info, and survive a breach
- Evaluate what data you collect, how you store it, and who has access to it
- Invest in cybersecurity software for all devices and consider cybersecurity insurance
- Train your team to spot attacks and have a breach response plan of action
When it comes to stealing sensitive information or holding it for ransom, cybercriminals aren’t just out for big scores like Target and Experian. Small and midsize businesses face unique risks. In fact, 58% of breaches hit small businesses last year, according to USA TODAY. On average, cyber attacks cost small businesses between $84,000 and $148,000. And worse, 60% of those affected go out of business within six months of the attack.
Before you run over and rip the cord out of your router, we’ve got a handful of simple steps to drastically reduce your exposure to an attack. But first, a cautionary tale.
Be Vigilant or Get a ‘Helluva Wake Up Call’
The payroll manager at Primary Systems, a Missouri-based small business, had barely finished her morning cup of coffee when she noticed something troubling. The previous night, their bank had processed an unscheduled payroll batch six times larger than the typical amount.
“The payroll manager contacted me at 8:00 a.m. that day to ask if I’d authorized the payroll batch, and I said no, it must have been a bank error,” explained Primary Systems Chief Financial Officer Jim Faber to cybersecurity blog Krebs on Security. “I called the bank and they said no, they did not make an error.” By then, hackers had already made off with $180,000.
“That was a helluva wake-up call,” Faber said.
According to Krebs on Security, an employee clicked on a single virus-laden email, which let the attackers open a digital backdoor. The incident exposed security weaknesses that unfortunately persist between many banks and their corporate customers.
A similar vulnerability led to the massive breach at Target in 2015, compromising the sensitive payment data of over 40 million customers. Hackers gained access by attacking a small HVAC contractor who happened to have Target network credentials tied to work they did for the retailer. Not cool.
Tips to Avoid a Breach
Verizon’s annual Data Breach Investigations Report is considered the benchmark for assessing and avoiding cyber threats. It includes detailed data on how attacks happen and what’s targeted.
A fun and punchy read, the report dubs itself a summary of “dirty deeds and unscrupulous activities committed by strangers far away and by those you thought you knew.”
Its recommendations are dead serious, however, clearly broken down by sector. So no matter what you do, it’s worth your time to read up on the latest security risks and how to face them.
Here are the report’s top takeaways:
Be vigilant: Don’t wait to find out about a breach from law enforcement or a customer. Log files and change management systems can give you early warning of a security compromise.
Make people your first line of defense: Do your employees understand how important cybersecurity is to your brand and your bottom line? Get them on board, and teach them how to spot the signs of an attack and how to react.
Only keep data on a need-to-know basis: Do you know who can see your sensitive data and systems? Limit access to the people who need it to do their jobs, and have processes in place to revoke it when they change roles.
Patch promptly: Cybercriminals are still successfully exploiting known vulnerabilities. You can guard against many threats simply by keeping your anti-virus software up to date.
Encrypt sensitive data: Do what you may, one day you’re likely to be the victim of a breach. But by encrypting your data you can render it useless if it is stolen.
Use two-factor authentication: Phishing campaigns are still hugely effective. And employees make mistakes. Two-factor authentication can limit the damage that can be done if credentials are lost or stolen.
Don’t forget physical security: Not all data theft happens online. Surveillance cameras and entry systems for restricted areas, for example, can help avoid criminals tampering with systems or stealing sensitive material.
Battling Back After a Breach
It’s critical for every company handling customer info to have a data breach response plan. USA TODAY compiled expert advice on what actions every plan should include. Here are the highlights:
Act immediately: Contact your IT team, legal counsel, and cyber liability insurance agent if you have one.
Contain the breach: Take affected systems offline, but don’t turn them off. That’s so your IT team or investigators can examine the source of the breach.
Document every step: Authorities will need to know these details.
Communicate clearly: Ensure affected groups are made aware of the issue and the steps being taken. Be sure you have a plan for how you will notify customers, staff, and the media in the event of a breach.