Don’t Be a Hacker “Target”: Secure Your Systems
You’ve seen and deleted them dozens of times, the annoying spam and phishing emails that promise Viagra for pennies a pill or ask you to update your PayPal or bank account information. While spam is certainly a nuisance, computer security experts now believe that these easy-to-delete messages eventually gave cyber criminals access to Target’s network, resulting in one of the largest data breaches in U.S. history.
It appears that once someone at an HVAC firm in Pennsylvania fell for the phishing scheme, hackers used the compromised computer to access Target’s network, since the HVAC firm was one of Target’s contractors. The seemingly innocuous act of clicking on a link in an email could end up costing retailers and banks at least $18 billion, with consumers liable for more than $4 billion of “uncovered losses and other costs,” according to The New York Times.
According to the Federal Communications Commission (FCC), “theft of digital information has become the most commonly reported fraud, surpassing physical theft.” As this breach indicates, businesses of all sizes are at risk. According the Small Business & Entrepreneurship Council, “Nearly one in five attacks are against small firms. When successful, these attacks average $8,000 to fix and multiple days to resolve. A very large number of small businesses (nearly 70 percent) do not survive an online intrusion.”
Experts say that hackers don’t necessarily target specific businesses; the 100 billion daily spam messages are merely an attempt to find the most vulnerable ones. Hackers will target your business, however, if you don’t practice smart computer security. Cyber attacks are common at even the largest businesses, but that doesn’t mean you can’t protect yourself even though you’re firm isn’t as huge as Target.
These common-sense computer security tips will help you avoid becoming part of the 70 percent of businesses that tank after a cyber attack:
- Assign one person to handle computer security. As a business owner, you most likely won’t have the time to handle this important task, but your office manager might. Schedule periodic meetings with your designated security person or IT vendor to get a comfort level with what they’re doing.
- Create an acceptable use policy. Don’t want your employees to use Facebook or their personal computers or tablets at work? Then tell them, as it’s hard to expect employees to know what to do and not do with computers and data unless you let them know. This good example of an acceptable use policy is free and easily customized. Have your employees read and sign the policy.
- Stop attacks before they walk in the door. Run a background check and ask for at least two references on new employees. And make sure and cancel their IDs and passwords if an employee quits or gets let go.
- Update all computers regularly. This means applying necessary updates to operating systems (Windows, Mac OS X) and programs (Excel, Word), antivirus programs and industry-specific software.
- Use strong passwords. According to Microsoft, strong passwords are at least eight characters long, don’t contain a real word and have upper and lowercase letters, numbers and special characters. Strong passwords decrease the likelihood that you’ll be hacked.
- Have a backup plan. You can markedly decrease the time it takes to recover from a serious cyber attack or disaster by regularly backing up your data. According to a survey by Symantec, a leading antivirus company, a startling 47 percent of companies never backed up their data. The National Cyber Security Alliance has some recommendations for formulating a backup plan.
- Vet your vendors. Only trusted entities should be able to access your network, and they should be given the minimum privileges necessary to do the job.
It’s much easier to prevent a security breach than to recover from one. Just ask the HVAC company in Pennsylvania that is spending more time being grilled by the Secret Service than servicing its customers.
(If you, your significant other or children shopped at Target, you are entitled to free credit monitoring for a year. Go here for details. The sign-up process is painless.)
Posted In: Technology
BECOME AN ACCA MEMBER