Preventing Your Business Website from Cyber Attacks
Cyber security is one of those issues that small business owners know they should be concerned about, but sometimes never get around to. That was the case of Eric Erikson, and he regrets the day he didn’t take cyber security seriously.
As recounted in a story on CNN.com a few years ago, Erickson was selling pest control products online when his site was hacked and infected with a virus. Erickson took action, spending several thousand dollars to rebuild it, but not before customers got infected by going to the site and Google blacklisted it, warning potential site visitors that Erickson’s site was infected with malware.
It took three months to get the site back up and listed on Google, but Erickson said, “The whole experience crushed us.” He survived, and good news is that when his site was attacked again last year, Erickson had installed security software and was able to repel the attack.
But don’t just think that cyber attacks can shut down your site. The bad news can be far more serious than that. Cyber crooks can install “keystroke software” on your computer, steal your passwords and drain your bank accounts. They can hack into your social media accounts and create defamatory posts. And they can steal your customer lists or infect your hard drives.
They can put you out of business.
According to the McAfee blog, “In the last year alone, cyber attacks have not only increased in frequency, but also in severity. A serious enough breach has the power to cripple any small business.”
And consider this sobering statistic: The 2012 Data Breach Investigations Study by Verizon found that 71 percent of the attacks they analyzed occurred against businesses with fewer than 100 employees. According to Mike Pugh of J2 Global in the Huffington Post, “Even more frightening: According to an August 2013 story in PCWorld, of those small businesses whose systems are breached, roughly 60 percent go out of business within six months after the attack.”
It is not hard to understand why cyber crooks are increasingly focusing on small and medium businesses – we have less security, generally speaking, than other entities. Large corporations and governments are well versed by now in cyber security, but SMBs remain fairly oblivious, and that therefore makes for easy pickings.
So the answer is yes, you can be hacked and cyber-security is one of those things that you definitely need to bring to the top of your to-do list in 2014.
So how do you keep your site, data, passwords, bank accounts, social media accounts, and vital information safe? Here are seven tips:
1. Install software: This is No. 1 for a reason. Having security software in the cloud is the easiest, smartest, and best way to ensure that your confidential information stays secure. Make sure the software that you get protects you across the board, with antivirus, malware, spam, phishing, and spyware protection.
2. Train your staff: Even though most of us know this, train employees not to open unknown e-mail attachments. Similarly, these days, scammers are capturing data simply by getting people to click on phony social media links and websites, so again, the rule is – if you don’t know it, avoid it.
3. Avoid unknown updates: Let’s say that one day you are on Facebook and Jim has an update that says, “Check out this amazing hang-gliding video!” You click the link and are then directed to “update your Java software” (or whatever).
Updates need to be done systematically and from approved sites.
4. Use strong passwords, and change them often: You know the drill by now, but do you do this? You should. You better.
5. Create an inventory of your devices: Including laptops, tablets, thumb drives, and smartphones. That way you will know if something goes missing.
6. Protect your network: Use firewalls and virtual private networks (VPNs).
7. Create policies and enforce them: Your whole team needs to know how seriously you take cyber security. Explain how you plan to protect your data, what the approved processes are, how to use and dispose of confidential information, what your social media policies are, etc.
Finally, consider buying fraud protection insurance. Just in case.