In this high-tech era of security breaches, cybersecurity is more important than ever.
According to a new Firmex report, small businesses, especially those in the mergers and acquisitions space, are particularly susceptible to hacks and breaches.
What kinds of precautions can a business take to protect its data and its customers’ sensitive information?
Here are six security measures that provide big protection against cyber attacks.
1. Keep Your Employees Informed
Many in today’s workforce don’t realize how easy it is to be fooled by innocent-looking attachments and links within malicious emails. Viruses, ransomware, and malware can invade your system with just one click. Once the trap is sprung, all of your business’ sensitive data becomes a free-for-all to cyber criminals.
Since your employees are an important line of defense, it’s critical that you thoroughly inform them of the latest methods used by cyber criminals. Consider presenting your staff with realistic cybercrime situations that teach them how to recognize suspicious emails and other red flags.
It’s also beneficial to bring in an outside firm to conduct facility breach exercises and social engineering penetration testing. Such third-party expertise guards against disastrous cyber attacks by testing your security practices and discovering any holes in your employee training.
2. Use a Trusted Hosting Company
Bad things happen when the company hosting your website isn’t as concerned about your sensitive information as you are. Make sure the company you hire has a good reputation and utilizes proven security practices such as encryption.
3. Secure Your Website With SSL Encryption
No transactions should happen on your website without SSL/HTTPS. For secure financial transactions that don’t risk data being transferred in plain text, you’ll also want to make sure your E-commerce platform is capable of supporting SSL encryption.
To optimize your security, don’t just be content with safeguarding your payment gateway. It’s best to secure your whole website with SSL certification so that all data, from email addresses to financial information, is safe. Also, it’s noteworthy that besides ensuring security, SSL certification will increasingly play an important role in how Google ranks your website.
4. Use a Secure Hosted Shopping Cart
You have to be able to trust your E-commerce platform. The best platforms hire skilled employees to find and patch security vulnerabilities so you can focus on business instead of worrying about cybercriminals.
One way to enjoy peace of mind is to choose a platform that’s been through the rigors of PCI compliance audits. Examples of such platforms include Shopify, 3dcart and Bigcommerce.
It’s best to look for platforms that are PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant. Rather than ensuring safety for a single payment card, PCI DSS Level 1 compliance ensures your business is protected from data breaches across your entire payment network.
Also, consider taking advantage of a QSA-certified firm to assist you in the process of PCI DSS compliance. But choose a QSA-certified company wisely, and make sure the company uses accurate and complete testing procedures. Any compliance issues for your business can mean stiff penalties in the event of a security breach.
5. Protect Your Business with Web Application Firewalls
WAFs help keep your site shielded against brute force attacks, denial of service attacks, cross-site scripting, and more. Because WAFs are not expensive or time-consuming to configure, there’s no reason for your business to go without this protection.
6. Change Passwords Regularly
Your business’ admins should make sure their passwords are strong, and they should change them frequently. Weak passwords and social engineering are common sources of catastrophic security problems. A strong password is your first line of defense against attacks and intrusions.
- Your password should be at least eight characters long (if you use a Mac on campus, it can only be a maximum of eight characters).
- Alternate using upper and lower case letters.
- Substitute numbers and/or symbols (!, @, #, etc.) for letters.
- Do Not use simple dictionary words or personal data easily obtained about you (names of pets, street address); this applies to words both forward and backward.
- Do Not use only one number (such as placing the number one on the end of a word); this is common and easily guessed.
- Do Not leave a written copy of your password anywhere near your computer.
There are programs that test dictionary words (backward and forward), names, and typical number combinations and will crack easy passwords in mere moments.
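The password rules above can be enforced at account creation or password change. The following is an added example, not part of the original article: the function name `check_password`, the rule names it returns, and the small word list are assumptions made for illustration, and the sample passwords are constructed.

```python
import re

# Constructed sample list; a real check loads a full dictionary and name list.
SAMPLE_WORDS = {"password", "dragon", "monkey", "welcome", "summer", "rover"}


def check_password(password, words=SAMPLE_WORDS, personal=()):
    """Return the names of the rules the password breaks (empty list = passes)."""
    broken = []
    # Rule: at least eight characters long.
    if len(password) < 8:
        broken.append("too_short")
    # Rule: use both upper and lower case letters.
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        broken.append("no_mixed_case")
    # Rule: include numbers and/or symbols, and more than one lone digit.
    non_letters = re.findall(r"[^A-Za-z]", password)
    if not non_letters:
        broken.append("no_number_or_symbol")
    elif len(non_letters) == 1 and non_letters[0].isdigit():
        broken.append("single_number")
    # Rule: no dictionary words or personal data, forward or backward.
    # Leading/trailing digits and symbols are stripped first, so that
    # "Summer2016!" is compared as "summer".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    guessable = set(words) | {p.lower() for p in personal}
    if core and (core in guessable or core[::-1] in guessable):
        broken.append("dictionary_or_personal")
    return broken


if __name__ == "__main__":
    # Constructed candidates; "Biscuit" stands in for a pet name.
    for candidate in ("Dragon1", "Nogard99!", "Biscuit#2016", "tR7#vLq9Zx"):
        print(candidate, check_password(candidate, personal=("Biscuit",)))
```
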
No matter what preventive measures you take, there will always continue to be more advanced hackers trying to get at your company data. But as Ben Franklin said, "An ounce of prevention is worth a pound of cure."