Article courtesy Yeo & Yeo
The best way to defend your organization against a cyberattack is to take proactive steps now, before an attack ever occurs. That way you’ll be prepared if your organization is targeted.
Attacks often begin with phishing schemes. Typically, someone within your organization receives an email from someone posing as a trusted or well-known source. The employee lets their guard down and clicks on a link in the email. That may automatically provide the scammer with the employee’s log-in information, or prompt the employee to enter a user ID or password, or both. This allows the criminal to access financial or personal information that can then be used to commit crimes.
Although your organization may not hold the same treasure trove of information as a bank or other financial institution does, the information you store can do plenty of damage if it falls into the wrong hands. Many times, a cybercriminal will be looking to steal individuals’ identities through their Social Security number or other sensitive data.
Finally, hackers are constantly devising more sophisticated ways to invade your organization’s system. One recent innovation is the use of ransomware that may be downloaded to a system through a phishing expedition. This enables the phisher to block an organization’s access to its own information unless it pays a healthy ransom.
Taking Action
Although every situation is different, the following are six steps you can take that will help fight cyberattacks:
1. Install a security solution on each device used by top administrative employees who have access to privileged information. This will isolate an attack to a single user. Otherwise, all devices might be infected in one fell swoop.
2. Encrypt data. If intruders obtain data, it will be virtually unusable. For servers, set different levels of permission, such as blocking lower-level employees from payroll records. Partition or “silo” information so that authorized users are not all automatically granted access to all of it.
3. Keep extremely sensitive data on a server that is separate from the network. If an employee is fired or otherwise leaves the firm, the network administrator should disable that employee’s access immediately.
4. Install the latest firewall and antivirus software. However, be aware that these measures aren’t foolproof and the criminals are often one step ahead of the good guys.
5. Establish parameters about using technology, including sites employees are permitted to access. Not much good can come from workers viewing pornography or using gambling sites, for example, and these are often ripe for malware or ransomware.
6. Educate your employees. Convey to employees the importance of being vigilant. Even though workers might be attuned to avoiding potentially dangerous emails, there are still those who don’t realize the damage they can cause by clicking on just one link. Learn how to easily train your employees to think before they click with security awareness training.
Make it clear to your employees that cybersecurity is a top priority and that errors, omissions and exhibiting poor judgment will not be tolerated. Such actions may even be subject to disciplinary measures. Create a culture that makes it difficult for invaders to pierce your defenses.
It can be costly and time-consuming to recover from a cyberattack and devastating to your business overall. Although insurance protection is available, premiums may be cost-prohibitive, or the coverage may be insufficient to meet your needs. Focus instead on preventing damage in the first place.