used with permission from Tektonika (HP)
by Karen Gilleland
“Gimme the dough—or you’ll never see your files again!” In this scenario, the thug in the mask is ransomware, and it’s only one of the ways cybercriminals attack businesses—which are often left vulnerable due to poor business security or cybersecurity practices. Alongside the devastating effects cyber attacks can have on individuals, cybercriminals are sucking billions of dollars out of the economy, and you do not want your business in that position.
Toward the end of 2017, the US government passed H.R.2105, a law aimed at helping businesses beef up their cybersecurity by providing guidelines about effective tools and strategies to combat the rise of cybercrime. The National Institute of Standards and Technology (NIST) has been charged with developing a comprehensive set of guidelines by October 2018, but what can you do while waiting around for that to happen? Start firming up your IT environment with the following tips, of course.
Bolster your cyber defenses now
As NIST works to comply with the new law, you can find help in the previous guidelines it’s developed. The previous guidelines provide advice on processes and tools to identify, assess, and manage cybersecurity risks, suggesting you should:
- Limit employee access to data
- Train employees on information security
- Create a security policy and procedures
- Encrypt data
- Install web and email filters
- Patch—or update—operating systems and applications
- Install surge protectors and uninterruptible power supplies to allow employees to work through power outages and save data
- Consider cybersecurity insurance
- Find reputable cybersecurity contractors
Beware the cyber version of Butch Cassidy
Any time you open an email, imagine Butch Cassidy peeking over your shoulder, ready to attack your mail train. According to Symantec, in 2016, one in every 131 emails contained malware. The scams—relying on spear phishing—targeted more than 400 businesses every day.
Your business is vulnerable when your employees click on bad links. Teach your employees how to recognize phishing attacks and what to do should they click on a link that turns out to be infected. Quick tip: Take the computer completely offline to avoid sending phishing links to an entire email list.
Kidnap-proof your files
Ransomware hooks into your business through your employees’ PCs, cell phones, tablets, etc. and holds it hostage—unable to function until you pay ransom to an anonymous attacker, often through bitcoin (which was hit by a major cyber attackitself in December 2017). Ransomware may lock systems down, or it may encrypt files and demand payment to restore the encrypted files.
According to Symantec, victims paid out $1,077 per ransomware attack on average. WIRED boils down the best protective measures against ransomware to four basic steps:
- Back up important data daily
- Educate your employees to avoid phishing attacks
- Install third-party security patches as soon as they become available
- Disconnect infected systems from the network and disable Wi-Fi and Bluetooth on machines
Ride shotgun on your printers
Printers, which are typically unsecured entry points, can leave you exposed to cyber attacks. With a single unsecured printer, you could leave your entire network of connected devices vulnerable to attack, giving robbers the ability to spy on your networked devices—and compromising the security of the whole network.
When considering your next secure printer, investigate integrated security safeguards—and make sure to activate them. With such simple, printer-specific features, you can double-bolt the door to your business. Vigilant business security and cybersecurity practices can help business owners stave off attacks and save their businesses—don’t wait around until your business becomes hacker bait next.