A simple swipe of a credit card at a convenience store comes at a risk nowadays. Data breaches have become all too common, threatening the loss of sensitive information regardless of the size of the business.
A San Diego-based nonprofit called Identity Theft Resource Center (ITRC) reported that in the first five months of this year the number of data breaches in the United States increased by 35 percent over the same time last year.
ITRC reports on data breaches affecting a variety of businesses and organizations, including healthcare providers, government and businesses. The ITRC reported that by May 30 the number of breaches had hit 698.
Dale Pinney is president of Olaf Solutions Inc. in Metairie, a company that provides hardware and software solutions for a variety of small businesses, including veterinarian offices, doctors, garden centers, and HVAC companies. He says there are simple approaches business owners can take to help protect their clients’ sensitive data. Among the options Olaf Solutions offers is 24-hour monitoring of businesses, with reports every 15 seconds if anything in the client directory or files is changed.
“The No. 1 problem is that no one thinks they are going to be hacked,” says Pinney. “The concept of security hasn’t hit them in the face yet. It is very important for businesses to understand that it isn’t a matter of if, it is when.”
Email usage poses one of the most dangerous threats to user security, says a report from a cyber security firm called Symantec, which noted that approximately one in 131 emails it looked at contained some form of malware. These types of emails target more than 400 businesses every day, at a cost of approximately $3 billion over the last three years.
According to Pinney, there are two principal ways for business owners to protect their information.
Passwords: Don’t Get Lazy
“Weak passwords or passwords that are too complex are a big problem,” he says, noting that in 2015 even former President Barack Obama admitted to having used “password” as his password as well as “12343457” at a cybersecurity summit at Stanford University.
In 2014, “password” was the most commonly used password, according to security company SplashData.
People also often use the same password on every account.
Pinney suggests using a similar password that can be slightly modified for different accounts. For example, a word like marbles can be modified by replacing the “s” with a $.
When it comes to the greatest security risk for a business, however, many leaders in the cybersecurity world agree that the problem lies within: the employees.
Think Before You Click
Here it’s important that employers create an acceptable use policy. Companies need to provide a written set of rules that helps prevent employees from misusing company computers in a way that puts a business, and its clients, at risk.
Clayton Mouney, president of thinkIT Solutions, says that there are two things that business owners frequently overlook when it comes to security.
“First, the data or information of a business is the most important part of any business,” he says. “Protect it as you would anything else that’s important. Second, don’t forget to spend money on employee training. The biggest security risk today is an untrained employee with a mouse.”
For instance, ransomware often enters a system through malicious attachments or emails that invite users to click on a URL, or even an ad attached to a web site. It’s all about educating employees on what a potential attack could look like.
In May, a global ransomware attack infected thousands of computers in almost 100 countries, including 16 hospitals in England’s National Health Service, which locked doctors and nurses out of patient files unless they paid the ransom. Those attacks were blamed on a piece of malware called WCRY, WannaCry or Wana Decryptor. In total, global ransomware damages are predicted to exceed $5 billion in 2017, up from $325 million in 2015, according to the Ransomware Damage Report published by Cybersecurity Ventures.
This type of cyber-attack allows a hacker to infiltrate a computer and make it so that the user cannot read or access files and documents unless they pay a ransom.
Pinney estimates that the average cost for fixing a ransomware attack is more than $1,000.
The simplest way to avoid or lessen the damage of a ransomware attack is to back up your files, and to do so in a way that is not accessible to cyber thieves, meaning offline and not connected to your desktop system — for example, at home you may use an external hard drive.
Weathering the Storm
Business owners also must keep in mind that attacks on data aren’t always going to come from hackers. Here in Southeast Louisiana, we are all familiar with the power of Mother Nature. Businesses must plan solutions to back up and recover their data if they hope to keep going in the event of a natural disaster.
“Customers have a difficult time distinguishing between backup and disaster recovery,” says Mike Orban, director of business sales for EATEL Business. “Disaster recovery means getting systems back up and running quickly.”
During the 2016 flooding that severely affected the Baton Rouge area, EATEL Business offered a Business Continuity Center within their Baton Rouge Data Center that contains cubicles set aside for customers to work out of if their facility was unreachable.
A plan for disaster recovery is all about time.
“A business owner needs to consider how long they can keep their business operating without their servers running,” says Orban. “They need to have a recovery time objective when thinking about business continuity.”
It’s also important that employees can communicate remotely if needed. For this, some companies, including EATEL, offer a hosted email system and voice service that allows someone to log into their phone and connect virtually.
Businesses should also have a backup list of all their vendors and clients if they are displaced and cannot access their office.
“Businesses that we work with have written documentation of who their key contacts are,” says Steve Noto, a sales engineer for EATEL Business. “You need to have that.”
GOOD TO KNOW
Top 3 Tips for Staying Cyber Safe
1. Internal attacks can be a top threat because employees already have access to sensitive data. Make sure passwords are secure and that there is a best use practice policy in place. If an employee is terminated, make sure to take away their access to the system.
2. Always be sure to choose a reputable cloud storage company to reduce the risk of data leakage.
3. Downloading malware can be done unintentionally when an employee clicks on a suspicious link. As Dale Pinney from Olaf Solutions says, “not all emails have to be opened.”