Computer hacking, data breaches, information leaks, security breaches, hacktivism, cyber espionage. Whatever you may call them, cyber attack attempts are targeting businesses and entities around the globe, with cyber crimes the No. 1 kind of attack, as these statistics by Paolo Passeri for Hackmageddon.com show.
In one of the latest incidents, hackers broke into the network of Community Health Systems and stole more than 4.5 million records. The attack, which originated in China, affected 206 hospitals in 29 states, giving hackers access to patients’ names, birth dates and social security numbers, the exact information they would need to commit identity fraud and wreak havoc on people’s lives.
You’d hope your local hospital would consult with a cyber-security company long before something were to happen to its highly sensitive data. However, the local UPS Store where you ship packages and make copies seems to be in just as much danger of a security break that would allow customers names, addresses, email addresses and payment card information to fall into the wrong hands.
Several years ago, I had a small online antiques and collectibles business. I was using PayPal for customers to pay me safely. PayPal sent an email asking me to update information about my account. There was a link to their website in the email. I logged in, followed the steps by filling in some info and that was it. I went about my business, never thinking twice about it. Then, just days before Christmas, my debit/credit card, which was tied to my personal checking account, was hacked.
I’m fortunate to have a small-town bank with big-city technology and protection. Visa noticed unusual activity on the card, stopped the transactions, and notified my bank, which reimbursed my account. This past January, the bank again noticed unusual activity on my account, stopped the transactions, and reimbursed my account. Would you be so lucky in a cyber attack on your business?
Here are some tips to keep hackers out of your business:
• Assess your company’s risk – Identifying the risk of potential attack and knowing who should have access to certain information is the start of a best practices program for your organization’s IT security. StaySafeOnline.org, part of the National Cyber Security Alliance, shares suggestions to conduct a cyber risk assessment.
• Reconsider your passwords – Using your dog’s name or 123LookAtMe? Cute and “clever” passwords are easy to break through, so making them longer and more randomized can help keep hackers at bay. This article by Caroline McMillan Portillo for BizJournals.com is spot on for protecting your information systems.
• Think encryption – For a small business, the impact from a cyber crime can shut the doors. Large companies like Target or other big box stores may be able to survive, but when data is breached at a small company, customers lose trust and go elsewhere. This article by John Patrick Pullen for Entrepreneur.com discusses how encrypting your data will help keep it safe.
• Don’t carry out business on a public network – Don’t use the local library’s Wi-Fi or coffeeshop hotspot when dealing with sensitive information such as bank accounts. Regardless of whether you’re using a public computer, your own laptop or even a smartphone, it’s still risky. This Huffington Post article by Jason Alderman, vice president of Visa, gives some clever tips on how to protect yourself out in the open if you must do business there.
• Know where to find answers – Take some time and do research. We are all busy, but this is time well-spent for a small business without access to an IT specialist. If you can afford an IT company on a retainer basis, they should be up-to-date on the latest security issues and hoaxes and have the ability to fix something for you. If they don’t or can’t, find someone who can. If you are unable to afford that type of service, take time to do some reading on reputable websites. The United States Computer Emergency Readiness Team has information for all size companies as well as individuals. It’s a good place to start.
• Be aware – The ways of cyber criminals are numerous and varied and becoming even more intricate. That PayPal site I mentioned earlier was an exact replica of the real thing. Nothing would have tipped me off that it wasn’t the real PayPal site. Today, the company sends out emails warning of fraud and scams to its users. And so does my bank, for that matter. Does yours?
Have you or your company ever been involved in a security breach? How did you handle it? What did you learn from it? We’d like to hear your experiences.