NCSAM was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004 to make sure that our online lives - at work and at home - are kept safe and secure. That's what National Cybersecurity Awareness Month (NCSAM) – observed in October – is all about!
While a decade ago most businesses would not give much thought to cyber security, in our current times, it has become a crucial necessity. Last year, in 2017, the number of cyber attacks doubled, making it the worst year ever, with just under 160,000 cyber incidents targeting businesses, according to the Online Trust Alliance.
Some trends for 2018, according to CSO, include an increase in cryptomining which means to silently use your computer to mine bitcoin, email attachments as a vector for the majority of malware, and of use of fileless malware. About the only upnote was less ransomware attacks, but that was only due to less extortion for Bitcoin being replaced by cryptomining that is considered easier to pull off.
It is sobering to see these constant, and increasing threats to business. However, your business does not need to sit idly and wait to become a victim of the latest attack du jour.
Rather, become proactive, get out ahead of this rising problem, and check out our tips to protect your business, before the cybersecurity threat is knocking at your company’s door.
Businesses have all types of data, from customer information, to employee records and important financial records. It pretty much goes without saying that it would paralyze any business to not have access to this information, affecting operations for day-to-day in the short term, and have long reaching consequences if this data were to be hacked by malware.
Therefore, your business needs to backup all of its data, and take this seriously. This will insure against loss of data, whether from a ransomware attack, or a good ol’ fashioned mechanical hard drive failure. When it comes to backing up data, a good rule is the ‘3-2-1 backup rule,’ that suggests to maintain three copies of the data, storing them on two different types of media, with at least one copy of it stored offsite to protect from all types of catastrophic events.
While years ago a business would make tape copies of important data, and have rotating employees bring them home or to a safety deposit box at the local bank, these days, an excellent option is to use a cloud provider for data backup, which backups the data continuously to an offsite location. Cloud data backup, when combined with an in-house NAS, and local storage on employee’s desktop hard drive then fulfills the recommendations of the 3-2-1 backup rule.
- Check out our list of the best VPN providers in the market
At home, many users hardly take password security seriously, using simple dictionary words, or taking the lazy way out with such popular choices as ‘123456,’ ‘password,’ or the still too simple variation ‘pa$$word.’
None are considered secure, and passwords should be long with at least 12 characters, with a combination of uppercase and lowercase letters, numbers and special characters to be considered strong. They should also not be from a dictionary, but rather a random combination of characters that protects from a brute force attack.
Businesses have far more at stake than most individual users, and therefore need an even higher level of security. They need to make sure that their employees change their passwords at regular intervals, such as every 60 to 120 days being common, which can be facilitated in user interfaces, which informs users that their password is expired, and then prompts them to change it.
Another business password issue are administrative passwords. These should be restricted to only top level users that truly need access to the higher level security functions to perform their jobs to limit access as much as possible. These administrative passwords should also conform to the strong password rules as outlined above, and should be changed even more frequently than the regular user passwords, for maximal protection of the business.
Security patches are routinely issued from a variety of sources, including Microsoft Windows, other pieces of software such as Microsoft Office, online browsers, smartphone devices, and hardware. They fix stability issues, and also patch known security holes as they appear. Therefore, these patches need to be installed, and in a timely fashion.
Have a plan to keep all the devices that your business uses patched and up to date, whether this will be done by dedicated IT staff, or outsourced. After all, there really is no excuse for your business to get hacked via a known security hole, that has a patch to fix it that was simply not applied.
Encrypt the data
Another key piece of the security puzzle is data encryption, otherwise data on a hard drive is quite simple for a hacker to cut and paste and haul away by the gigabyte. With the data encrypted, this locks it away from prying eyes, and protects it from all sorts of malicious attacks.
This goes doubly so for devices that leave the company property, such as a laptop with a hard drive. A dramatic example of this type of issue is when West Virginia’s Coplin Health Systems had a laptop stolen from an employee’s car, with the information of 43,000 patients on it.
The incident hit the news, as the laptop was password protected, but the hard drive was not encrypted, a simple but crucial step. Before this happens to your business, be sure to check out our recommendations for the best encryption software.
Look into cyber insurance
Despite taking reasonable precautions as outlined above, sometimes the malware gets beyond the company firewall, and the business does get hacked. It is important to have a plan in place to deal with such an event, that unfortunately is increasingly common.
Just like for other unpredictable catastrophic events, such as a flood or fire, businesses buy insurance policies. The same applies here, and there are cyber insurance policies available, more properly known as cyber liability insurance coverage, or CLIC. These policies offer assistance in dealing with post hacking investigations, data breaches, extortion attempts, lawsuits and privacy violations.
It is estimated that about one-third of US companies have such policies, with significant growth as it is predicted to be a $7.5 billion (£5.74 billion) industry by 2020.