Viewing entries tagged
U.S. Small Business Administration recommends the following best practices, For education and cyber-prevention
Establish security practices and policies to protect sensitive information
Educate employees about cyberthreats and hold them accountable
Require employees to use strong passwords and to change them often
Employ best practices on payment cards
Make backup copies of important business data and information
Create a mobile device action plan
Protect all pages on your public-facing websites, not just the checkout and sign-up pages
The survey also found:
65 percent of business owners admit they have been victim of a cyberattack; computer virus attacks are the top type of attack reported at 33 percent, phishing is number two at 29 percent.
86 percent of business owners believe that digital risk will continue to grow.
30 percent of companies with 11-50 employees do not provide any type of formal training on cybersecurity.
Despite the simplicity of regularly updating software, seven percent of companies still fail to take that step.
Reputational risk is among the top reasons (45 percent) why business owners would consider investing in or purchasing a cybersecurity policy.
35 percent of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge from the implications.
In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.
What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.
Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.
Even if you had a perfect antivirus program that could detect and stop every single threat, there are many attacks that circumvent antivirus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.
There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.
The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.
Here are a few examples:
- Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
- The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
- For example, CompTIA (https://www.comptia.org) left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.
For the physical layer, you need to:
- Keep all computers and devices under the supervision of an employee or locked away at all times.
- Only let authorized employees use your devices
- Do not plug in any unknown USB devices.
- Destroy obsolete hard drives before throwing them out
Next time in Part II, we will talk about the human and network layers of security.