Is your information at risk for a security breach? Emphatically, yes.
Any business that is connected to the Internet is at risk, and the only way to escape is to unplug your computer and turtle away from the outside world. In today’s business environment, where information and systems are the lifeblood of an organization, it will only take one security breach to put your company out of business or do irreparable damage to your reputation.
Consider the successful attacks and breaches that affected the CIA and Zappos. Small businesses are not immune to these attacks, just less publicized.
It isn’t a question of whether you will be attacked but when. So instead of panicking, companies need to look at it as an opportunity to take the necessary steps to survive and mitigate an attack and potential breach, says Tristan Smith, information technology manager for First State Bank.
Smart Business spoke with Smith about how to identify and mitigate the cyber security threats that can harm your business.
What steps can businesses take to lower their risk of a security breach?
Here are some tips to help any business from the garage to the enterprise minimize their risk of attack and survive a breach:
- Test web-facing servers often and thoroughly. How often is often? Hackers have probably discovered 10 new ways to exploit your server as you read this sentence. Initiate automated scans and manually scan your web servers at least monthly. Use multi-layered scanning – don’t use the same scan utility over and over. Scan from inside and outside your network. You never know where a hacker may be sitting.
- Patch anything and everything. Keep in mind that your secure environment from a month ago is now wide open thanks to Patch Tuesday — the second Tuesday of each month when Microsoft releases security patches. Some months there are in excess of 30 patches released. That’s 30 potential vulnerabilities. Miss a month … 60 … two months … 120. Hackers are always finding new attack holes and methods into system software. Patches and new versions of system software are frequently released to fix these newfound problems. Hackers are a close knit community and they are more than willing to share your network’s flaws with their neighbors.
- Increase your awareness. Subscribe to newsletters, blogs, twitter feeds, etc. that educate businesses on how to protect your network. There is no such thing as being too educated when it comes to securing your systems and network.
- Train, train and retrain. Retrain your employees every few months. Remind them about the damage that can be done by opening unsolicited e-mails/attachments, loading software programs brought in from the outside and not protecting their passwords.
- Find out what and who is on your network. Is it just your equipment that is attached to your network? Network scans are great but don’t underestimate the benefits of physical walk-thru of your location. Look for anything suspicious or out of place. Physical key-loggers can be disguised as harmless mouse or keyboard adapters. We often check out employee backgrounds but what about everyone else who has access to your premises? Cleaning personnel, utility vendors and delivery persons are often ignored. Don’t think for a moment that hackers/social engineers aren’t aware of this.
- Monitor anti-virus and anti-malware software. Ensure the automatic update feature is enabled. Spot check the software often to ensure that the program is running and that the updates are current. There are more than 55,000 new viruses each day.
This short list is just a starting point and is no way comprehensive. Breaches may take place even if best practices were followed.
Are personal devices posing a security challenge to IT departments?
You need to know which employees use their own devices — smartphones, tablets, laptops — to access corporate resources, e-mail, applications, and file sharing, especially when sensitive information is involved. What happens if one of those devices is lost or stolen, or an employee leaves the organization?
Every organization needs to look at how it uses technology within the organization and make decisions about what is going to be permitted and what is not. It goes back to assessing risk and developing policies and procedures around that.
What should executives do if they discover they are compromised?
The first step is to take a deep breath. Take the time and determine exactly what type of breach was perpetrated and what exactly was compromised. It is critical that you have an Incident Response Plan in place and that you know where to find it. Sometimes we aren’t thinking clearly in an emergency and it helps to have a checklist accompanied with guidelines as to how to handle the incident. There are three things that must be included on your list — an accurate inventory, a review of your system logs to determine how the breach occurred and what information was compromised, and a quick repair of the systems.
Cybercrime is similar to traditional crime. Law enforcement agencies appreciate the collection and preservation of evidence if an investigation is conducted. Don’t just focus on the infected systems. Initiate virus and vulnerability scans on the entire network to help mediate secondary infections. Contact your insurance company too, preferably before an incident to ensure that you’re covered for computer-based fraud or damage
If you do not have the capability to do this in-house, utilize the services of a professional computer forensics company. Do not be afraid to ask for assistance from a professional, as these types of attacks can be very fast and expensive and can reoccur if not handled appropriately. Partner with an organization that specializes in protecting your system and have a security response agreement signed and implemented.
This will ensure they are on premise within hours of a breach and to help fight the good fight.
Tristan Smith is the information technology manager for First State Bank. Reach him at (586) 445-0049 or [email protected]
Insights Banking & Finance is brought to you by First State Bank