Hacking: It’s Not If, But When
Experts say you will get hacked sooner or later. According to Verizon, almost two-thirds of cyber attacks target small businesses. And, 60% of small businesses go under within 6 months of an attack — reports USP Capital. No business, even a larger organization like your Credit Union can be complacent. We work with cyber-security experts to keep our systems safe. You might not have the same level of access to these services, but you can learn from the best, and here are some of their top tips to limit your exposure.
- The Basics. UPS and Verizon suggested some “101” precautions including:
- Have a data-breach response plan that includes how you will notify customers and staff.
- Ensure your insurance covers you for online risk—like Farmers Small Business Liability insurance.
- Train staff to spot “phishy” emails.
- Encrypt sensitive data using file encryption services, as well as end-to-end encryption email, like ProtonMail or Microsoft Outlook.
- Adopt two-factor authentication. Although this is a good barrier, keep in mind that it’s certainly not a guarantee you won’t be hacked when first compromised by a phishing attack.
- Keep clean machines. Downloading the latest security software, web browsers, and operating systems is the best defense against online threats. But, remember anti-virus is absolutely not enough—as a standalone feature—to keep you safe.
- Secure Wi-Fi networks. Hiding your network name is sometimes recommended. However, it only hides the name, not the network. This is visible to a hacker, who may seek out “hidden” networks because these appear to have something to hide. For this reason, it’s best to rely on VPN and encryption, like WPA2, to protect your communications.
- Regularly backup your data. Although not foolproof, regular backups can help with data and operational recovery after a cyber attack.
- Secure personal devices, like cellphones, as well as company ones. For mobile devices, use password protection, data encryption, and installation of security apps.
- Consider having a comprehensive network security audit to identify vulnerabilities in your organization. This is not inexpensive, and it will typically cost anywhere from several thousand dollars to $20,000, but it can save you heartache down the line.
- Think about using a security key. Two-factor authentication is good, but it can be compromised by a phishing attack. Another layer of security is a security key, which transmits a short-range signal to a device to authenticate access. Large corporations have used these for years. Google recently introduced a relatively low-cost system called Titan, which they tested with 85,000 employees, reporting no successful phishing attacks since the company started using it.
And, for the latest in threats and all things cyber-security, visit our Trace Security site — developed in collaboration with a leading cybersecurity firm — and sign up for convenient email alerts. Need dollars to boost your business’ security? We can help with flexible-term, low-cost loans. See our low rates here.