Business Tips

Computer hacker

Hacker alert: what to do if you have a security breach

Venture capitalist Ted Schlein infamously stated, “there are two different types of companies in the world. Those who have been breached and know it, and those that have been breached and don’t know it.”

Which one are you?

Hackers love small businesses. So much so that 53 per cent of cyber attacks targeted small businesses in 2016.

Why? Because you’re easy targets.

Many small businesses lack the funds, technology, or the know-how to protect their data, making them a hacker’s paradise. All it takes is one wrong click in a phishing email, or a movie software download, and your stored files or data are in the hands of digital pirates.

[bctt tweet=”Hackers love small businesses. So much so that 53% of cyber attacks targeted small businesses in 2016.” username=”FUEL_byExakTime”]

How are hackers getting in?

Humans – people are generally the weakest link in any security chain. A vast number of data breaches are the result of information being lost or distributed to the wrong person.

Denial of Service (DOS) attack – that’s when your company’s website becomes overwhelmed by a volume of data pushed to your servers in a malicious manner. Your website will go down and you won’t be able to access anything.

Pretend C-Level Execs  – a criminal poses as a senior person within your firm, either by hacking or “spoofing” their email account, and convinces someone with financial access and authority to make a payment.

Hack attack – a hacker manages to gain access to your company’s network, by exploiting an unpatched vulnerability within the software, allowing them access to your company’s data. The target is usually personally identifiable information (PII) on your customers, especially their credit card information.

Holding you hostage with ransomware – a phishing email is sent out. Your unknowing employee opens the email. As a result, a piece of malicious software encrypts all of the data on your company’s network, and the perpetrators request a ransom in order to provide you with the decryption key.

The costs could end your business.

What will it cost you? Thousands to millions of dollars. In fact, according to Symantec, the average cost of a security breach starts around $10,000. But those numbers don’t account for damages moving forward, like your reputation and your employee’s trust. If you own a business, you’re responsible for keeping your data (read: your customer’s and employee’s information) safe from hackers.

What you need to do ASAP!

Our first piece of advice is to get help. Look into getting help from security companies who can do a review of your business for potential holes. However, that may take too long. So to start, you need to make these moves today:

  • Write your internet security protocols and distribute them. This is the perfect time to create some technology guidelines if you don’t have any in place. Add them to your employee handbook and make sure everyone reads them and signs them. Hold people accountable and let them know it’s in their best interest to follow them.
  • Check access. You should have various levels of access to your systems. No password sharing allowed–kick that habit ASAP! Make sure only the owner, or one key company leader has administrative access to your systems. If an employee can virtually stumble into proprietary or personal documents or information, you have a problem!
  • Make downloading a thing of the past. Enable internet security protocols so your employees are not able to download anything from the internet on their own. A harmless click can cost you your business.
  • Stay on top of security alerts. This one is a bit harder since you are so busy, but the more you know, the faster you can warn your employees to not open those phishing emails. Here’s a resource to help you stay informed.
  • Toughen up your password standards. Yes, passwords are frustrating and hard to remember, and that’s why we choose easy ones. Unfortunately, easy for you means easy for hackers. So make your password requirements more stringent. Experts suggest lengthy passwords (over 6 characters) with combinations of upper and lowercase letters, symbols, and numbers required.

With these cyber safety and security precautions in place, you’re setting your business up for success and protecting your company against a potential security breach in the future.