How to Protect Your Company against Hackers
High-profile hackings have become commonplace in the world of business. Each year seems to bring more cases, while security experts constantly issue warnings.
But what is hacking all about and how should your business protect itself against this growing threat?
This guide will give you an understanding of hacking and why it is a big issue for big and small businesses. You’ll also be able to read about the five key security aspects that can protect your business. You’ll hopefully come away with an understanding of the necessity of protecting your business and the confirmation that security doesn’t need to be complicated.
WHY SHOULD YOU TAKE HACKING SERIOUSLY?
Hacking has become one of the most talked about subjects in the business world. It’s not just a topic security experts discuss in dim IT rooms, but all major business magazines and organizations continuously report about the importance of taking hacking seriously.
What is hacking?
So, what does hacking mean? It is essentially the practice of modifying the features of a specific system in order to achieve a goal the system was not originally designed for. In short, hacking could be performed on all sorts of things, with computer hacking being the most common form.
While the actual modification, i.e. hacking, could have positive and beneficial intentions, most associate hacking with criminal activities. Hacking can be used in order to break into the IT system of organizations and cause disruption by making the system non-operational or by stealing information.
Should your business care about hackers?
Hacking has made big headlines in recent years and business owners have become increasingly aware of the threat. PwC conducted a survey in 2014 and asked over 9,600 IT executives globally whether they’ve experienced hacking in the past year. According to the survey, 41% of the respondents had experienced at least one security incident during the year. In the UK, the number of security incidents that year had increased by 69%, with global increases close to 25%.
Since the majority of the headlines feature big companies, such as TalkTalk and Snapchat, many small business owners tend to overlook the issue of hacking. But security company Symantec found hacking against small businesses increased by 300% in 2012 from attacks in the previous year. Hacking is a threat to big and small businesses, with small businesses often at a disadvantage because they lack resources.
But what damage can hacking do to your business, whether it is a large corporation or a small business? Perhaps the thing you should be most concerned about is financial damage. In fact, of the respondents in the PwC survey who said they’ve experienced hacking, nearly 40% said it had resulted in financial losses.
Hacking can result in direct theft of finances, but it can also impact your ability to be paid by customers and third parties. It can completely shut down your business operations and create financial problems. While your insurance might well be able to cover the losses, the process is often relatively strenuous and long.
Furthermore, securing your business after you’ve been hacked can end up costing your business. In fact, you can end up paying for your security more after a hacking incident than you would have before it. Undoing the damage is often impossible, but prevention can ensure you never have to face the difficulties.
You could also lose valuable information because of hacking. Hackers might steal company secrets that end up benefitting competitors. Your customer details are gone forever if you don’t have a proper backup. The consequences of hacking can range from minor inconvenience to the destruction of your business.
In addition, financial problems can occur even indirectly as a result of hacking. As cases such as the TalkTalk incident and the Target hacking show, the business’ reputation can suffer. Not only are you often obliged to reimburse customers for any losses, but you might also have a hard time attracting new ones in the immediate future. Customers can feel wary over the security your business provides and the lack of trust can be difficult to rebuild, especially if it turns out you hadn’t properly secured customer data. In fact, businesses have a legal obligation, in most cases, to protect customer data. If you don’t take the appropriate steps to do so, you can inflict further financial damage on your business.
5 ASPECTS OF SECURITY YOUR BUSINESS MUST COVER
The good news is that big corporations and small businesses can limit the threat of hacking with simple solutions. Securing your business’ online activities will require careful planning, but you shouldn’t feel overwhelmed. The following five aspects help you understand the key security areas you should cover.
#1: Use appropriate security programs
The simplest way to start securing your business is by using up-to-date software. The constant updates can sometimes seem like a drag, but you shouldn’t start skipping them. Whilst it is possible to use software that’s not up-to-date, it can increase the chance of hacking. Software developers are constantly adjusting their code and improving the security of the system against the latest malware. If you don’t stay on top of it, you put your business’ security at risk.
Additionally, you also have to get used to backing up your systems. Businesses should back up all the files and systems at least once a week. The more data changes you make in a day, the more it makes sense to back up every day.
Backups shouldn’t simply be kept in a single location either. You want to ensure your business has a backup on-site, but also one off-site. The uncomfortable truth is that every hard drive will eventually fail and you don’t want this to happen to your only backup.
Once you’ve got the basics covered, you want to start adding extra layers of security to your business. Your business might need plenty of different security packages, but the essentials include:
- SSL – SSL is an essential tool to protect the information users send between the website and the database. The code prevents information from being read or accessed without proper access.
- Web Application Firewall – a web application firewall (WAF) can be software or hardware based. It is essentially a protection between your website service and the data connection, scouring through all of the data that passes between these two systems. WAF is typically a cloud-based system and you can find them with monthly subscription fees.
- Website and software scanners – You’ll also want to add scanners that regularly scan your website and software. They can help detect and stop malware, viruses and bad code.
When you are looking for the above security programs, remember to compare a few options. Don’t be scared of the costs – plenty of good security software can be used free or for a minor fee.
#2: Enforce appropriate authentication
Authentication and passwords are important aspects of security. Although passwords are among the best ways to protect your data, many businesses tend to compromise on them.
First, ensure your business uses a password management system. Like with the above security software, you can find password management systems in all price categories. A proper password management system ensures the business uses minimum password standards across all operations, amongst both employees and customers.
In addition, you want to consider using a Two Factor Authentication (2FA) system, also known as the Two Step Verification system. This means that when the system detects an unauthorized device trying to access the data, it asks for a separate authorization code. The authentication is typically an SMS message sent to a registered number or a special code-generating app. This will prevent a hacker from accessing the data.
The good news is that 2FA solutions are easy to set up and you can even get started free. Google Authenticator, for example, is an effective solution to check out.
Also remember the appropriate rules regarding login details and passwords. You should never send them by e-mail and you should encourage both employees and customers to regularly change their passwords.
Finally, don’t provide access to data to everyone in the organization. Not everyone in your business needs a business-wide data access. With each employee, and customer to some extent, think whether they need certain information and deny the data from anyone who doesn’t use it.
#3: Secure third-party services
It’s important to understand businesses don’t act in a vacuum. Even if your business has an appropriate security system in place, third parties your business deals with might not. Therefore, you shouldn’t only figure out how to secure your own system, but also make sure the companies you work with take security issues seriously.
The best way to understand the importance of this is by looking at the example of Target. While the corporation had a secure defense to protect against hacking, the hackers gained access by using stolen authentication credentials of a subcontractor. Furthermore, the Ponemon Institute’s research shows third-party providers have a significant impact on the likelihood of hacking. You need to make sure companies that either have access to your system or who have important data about your business enforce appropriate security measures.
When you start working with a third party, check their security credentials and ensure you get a guarantee of an appropriate level of security. For example, they should use the Payment Card Industry’s Data Security Standard and cloud-security certification.
If you are using the cloud, segregate sensitive data from less sensitive data. The more sensitive the data, the more security you want to add around it. Ensure the connection you use to access data in the cloud is secure. Systems such as virtual private networks (VPN) add more security on Wi-Fi connections. You should definitely avoid using an open wireless network for accessing sensitive business data.
#4: Understand the vulnerabilities that remain
The above aspects will help you build a strong defense against hacking. But even when you spend time and money on online security, you cannot have a 100% guarantee the system won’t be breached. As past instances of hacking have shown, there’s always the possibility hackers find a way to sneak into your system.
In fact, security blogger Graham Cluley told FastCompany in 2014 that the human element continues to be the weakest link in the security chain. “I fear that because we can’t roll out a software patch for people’s brains, this problem is one we’re still going to have in 100 years,” Cluley said in the interview.
But while your security can’t guarantee 100% results, staying on top of your system will help limit the risk. Your security will have certain vulnerabilities, but the more you understand about them, the safer the system will be.
Stay on top of the latest hacking threats through tech websites such as The Hacker News. When you find vulnerabilities, check how you could patch them and enforce new regulations if necessary. Don’t stay still when it comes to security software. Continue to keep an eye on better software and upgrade your system if you feel you require more protection. Hackers are good at improving their skills and the software you use now might not be sufficient protection in three months.
Furthermore, if your business operates as an e-commerce business, you need to understand two key vulnerabilities. These are:
- SQL injection – hackers use applications that run SQL queries in order to gain information from the business’ database.
- Cross Site Scripting (XSS) – the attack uses applications that take untrusted data and send it to browsers without validating the data. This can allow the hacker to take over accounts or change website content.
Both of the above vulnerabilities are effectively prevented with a web application firewall.
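Both flaws can also be closed in the application code itself. The following added example (not from the original article) puts the weak form beside the corrected one for each, using an in-memory SQLite database; the table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3


def make_shop_db():
    """Constructed sample data for a tiny e-commerce customer table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice@example.com", "4242"), ("bob@example.com", "1881")])
    return db


def lookup_weak(db, email):
    # Weak: user input is pasted into the SQL text, so it can rewrite the query.
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, email):
    # Corrected: a bound parameter is always treated as data, never as SQL.
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


def render_review_weak(text):
    # Weak: untrusted text goes to the browser as-is and is parsed as HTML.
    return "<p class=\"review\">" + text + "</p>"


def render_review_safe(text):
    # Corrected: escape on output so markup characters are shown, not executed.
    return "<p class=\"review\">" + html.escape(text, quote=True) + "</p>"


# Constructed hostile inputs, as a scanner or tester would submit them.
HOSTILE_EMAIL = "nobody@example.com' OR '1'='1"
HOSTILE_REVIEW = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_shop_db()
    print("weak lookup rows:", len(lookup_weak(db, HOSTILE_EMAIL)))   # every customer
    print("safe lookup rows:", len(lookup_safe(db, HOSTILE_EMAIL)))   # none
    print(render_review_safe(HOSTILE_REVIEW))
```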
#5: Create a strong culture of cyber security
Finally, while the above aspects can help you add tangible layers of security around your business, the final point is all about creating a strong culture of cyber security. Your employees are already careful of locking the doors of the business premise and ensuring windows are closed in the afternoon. But they should also be as keen to “lock the doors” of your online operations as well.
Ensure cyber security is a key focus point in your business, not an afterthought. Whenever you are implementing a new approach or adding a new operational aspect for your business, consider it through cyber security.
Figure out a proper risk management plan. You need to know the most valuable assets in the business and create a plan to protect them. But importantly, you also need to have a plan for the moment when things go wrong. The aim is to ensure your data never is stolen, lost or damaged, but you need to have a plan in place in case the unthinkable happens.
Implementing a proper security plan is not difficult. The Internet has a wealth of information available to help you get started. Once you have an appropriate action plan in place, responding to threats is much easier and you can end up limiting the financial damage a possible breach might have.
Furthermore, everyone in your business should be aware of cyber security and the best behavior associated with it – whether or not your business has a special IT department. It is important that employees are aware of how malware and viruses transmit and travel, as well as what they should do if they detect a breach or a problem. For example, you don’t want to simply deny them visits to certain websites with office computers, but explain the dangers of this behavior. Educating your employees about the risks and the best practices can add the final layer of security. Adequate education on the matter reduces that human element.
Finally, don’t limit your education efforts to your employees. You should also help your customers understand correct and secure online behavior. For example, explain your information sharing rules and regulations to them. Remind them to never share personal information over e-mail, but rather always contact your customer service by phone or face-to-face.
Organizing regular cyber security workshops can be an effective way to keep staff up-to-date. If you are a small business, you can make these events cheaper by organizing them together with other local SMEs. Furthermore, running cyber security workshops for your customers can be a clever branding opportunity.
Securing your business against hackers isn’t a zero-sum game. No system or software can provide you 100% protection. But security also isn’t rocket science, which costs a fortune. The above aspects of security can guarantee your business data is not only secured but you also have the appropriate attitude towards security. Make security the key focus of your business, continue to educate yourself and your employees and customers, and stay on top of the threats.
In its essence, protecting your company against hackers is about making your business as secure as possible. To do this, you need the right security tools, the proper approach to security, from yourself and your business partners, and implementation of proper safeguards.