Tips for entrepreneurs to avoid an Inevitable Cyber Attack
We live in a technology-driven era, which makes it easier than ever to start and manage a business – great news for aspiring entrepreneurs! The not-so-great news is that the same technology that makes it so easy to bring an idea to life can be used to destroy said idea, when used by ill-intentioned people. Cyber-attacks are increasing in frequency and become more daring, targeting everything and everyone, from the small business owner all the way up to corporate giants like Apple, Sony or Target, to name just two big companies that were the targets of some recent hacks. So, what can you do to keep yourself and your newly started business safe? The answer is simple: you take some measures to prevent the attack in the first place, but you also prepare for it, if it does occur, so the damage will be as minimal as possible.
A burglar doesn’t need to break in through a window when the front door is left unlocked. On the same note, a cyber-attacker will not struggle much if you don’t take some basic security measures.
The first step in preventing a cyber-attack is a no-brainer – using strong passwords. A lot of cyber-attacks are less of an actual attack, and more of a guessing game, where the attacker uses the data he has on the victim to try and guess his password. Using the name of your favorite football team, your birth date or your pet’s name as a password is never a good idea, as this information can be easily obtained from your social network accounts. Instead, the best approach is to have a random word or string of words as a password, combined with some special characters and numbers – something that would be impossible to guess.
Taking things further, consider enabling two-factor authentication in all the places the option is available, thus ensuring that, even if your password is compromised, there is one more layer of security between an attacker and your account.
A network is only as secured as its weakest link, and that weak link can be anything, from an unsecured wireless printer to one of your employees’ infected smartphone. To prevent attackers from using such security holes to access your systems, consider enforcing strict security policies that only allow your networks to be accessed from secured devices within the office, and make sure said devices are using an updated firewall and antivirus solutions. There is a “bring-your-own-device” trend emerging, where employees are encouraged to bring and use their own devices at work, and while this may seem convenient to them, it poses a huge security risk for your company.
So you’ve taken all the necessary measures to make it as complicated as possible for a cyber-attacker to get to you, and while that will ensure a good level of protection, it doesn’t mean that the attacker will not try to hit anyway. This is why you will need to be ready to fight off an attack, and minimize the damage.
Use Protection Tools and Service
Some types of attacks, such as a Distributed Denial of Service attacks (DDoS) don’t target your data, but the functionality of your website and online services. These attacks use a large network of infected computers that are programmed to access your website simultaneously, thus rendering it unusable due to the high number of connections. Luckily, there is a fairly easy way of avoiding such attacks by using a Content Delivery Network. A CDN uses servers spread across multiple data centers to serve the content, thus making it impossible for an attacker to target and incapacitate all of them.
While the combination of security measures presented above makes it nearly impossible for a cyber-attack to get anywhere near your data, it’s always better to be safe than sorry, so let’s assume that an attacker does manage to get your data – how bad will it be for your company? Well, it’s up to you to decide. Besides protecting the paths to your data, you should also protect the data itself by encrypting everything. This way, even if an attacker does manage to get into your network and obtain some sensitive files, they will be useless without the decryption keys.
Consider encrypting every bit of sensitive data (there are software and services that can do this automatically), and keep the decryption keys in a separate place, such as another server or even an offline solution.
By Fredrick Cameron and Conosco.com!