12 Oct Ten Cyber-Security Tips for Business Leaders
The topic of online security is constantly in the news for one reason or another. The issue affects individuals, large institutions and those in between. Chances are good you have either already been a victim of online fraud, or know someone who has.
Call it the price of our super-connected, wireless, often impersonal, virtual world. As a consequence, threats are growing and evolving rapidly. Risks are everywhere and always changing. There are ways you can protect yourself against fraud, prepare in the event something happens, and generally educate yourself.
Here are some tips:
1. Secure devices against viruses, spyware, and other malicious code
Installing and regularly updating anti-virus and anti-spyware software are crucial. Do that for every computer used in your business. The same password should never be used on more than one account, and passwords should be changed frequently. Experts say hackers can crack the average six-character password in three minutes. Software like LastPass (www.lastpass.com) can store and remember all your passwords, leaving only one master password to remember. Other companies that offer computer protection are: FireEye, Lancope, Inc., AlienVault, Norse, Easy Solutions, AVG Technologies, RSA, IBM Corporation, Veracode, and Palo Alto Networks.
2. Train your employees in security principles
The Federal Communications Commission (www.fcc.gov) highly recommends establishing security practices and policies for employees. They should know what phishing schemes look like so they can avoid them. The most common way for hackers to gain access to a company’s network is through individuals. David Kennedy, founder of information security firm TrustedSec, suggests appointing someone on your staff to stay on top of the latest security threats and defenses.
3. Back up important information and data
Back up the data on your company’s computers at least once a week. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Set the data to back up automatically if possible, and store copies of important files offsite or on the cloud.
4. Control physical access to business computers and network components
Company laptops are vulnerable targets for theft or loss, so lock them up when unattended to keep unauthorized users from accessing them. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should be given only to trusted IT staff and key personnel. At Highland we have separation of duties among our employees. Some of our physical safeguards involve securing suites, locking files, and cleaning desks.
5. Watch your finances
Work with banks or processors to ensure the most trusted tools and anti-fraud services are being used. Look for warning signs of identity theft, like unauthorized charges or withdrawals, changes you did not initiate, and inquiries about items or services you didn’t buy. Constantly monitor your accounts. At Highland we view inflows and outflows every day. We also use multiple means of communication with third-party transactions.
6. Be careful online
7. Manage and assess risk
The U.S. Small Business Administration (www.sba.gov) recommends you always ask yourself, “what do we have to protect, and what would impact our business the most?” Cyber-criminals often use small businesses (perceived as having less protection) as a bridge to attack larger firms with which they have a relationship. This can make unprepared small firms less attractive business partners in the future, blocking potentially lucrative deals.
8. Consider cyber insurance
Demand for cyber-security insurance is growing. Coverage can mitigate losses from a variety of incidents including data breaches, business interruption, and network damage. According to the Department of Homeland Security, a robust cyber-security insurance market could help reduce the number of successful cyber-attacks by promoting the adoption of preventative measures in return for more coverage, and by encouraging the implementation of best practices by basing premiums on an insured company’s level of self-protection.
9. Be proactive when something happens
React as quickly as possible. Contact any of the three major credit reporting agencies to report a fraud alert on the affected account. Review your credit reports and close any accounts opened or used fraudulently.
10. Stay ahead of the game
Incorporate the latest developments related to cyber security. Numerous websites offer great guidance on the topic. Here are some: