A Proactive Approach to Cyber Security for Small Businesses
In terms of cyber security, the spring and summer of 2018 weren’t good for several Canadian enterprises. It began near the end of April, when several services in the Ontario municipality of Wasaga Beach were victims of a ransomware attack. Nearly two months later, the municipality agreed to a $35,000 CAD payment to regain access to four of the most important servers.
In June, CarePartners (a home health care services provider) informed the public about its own security breach. Names, contact information, and detailed medical records were stolen by cybercriminals who threatened to make the data publicly available if their demands weren’t met.
How can a business protect itself?
If you’re wondering whether your own company is safe from cyber attacks, you're not alone. Keep reading to learn about the different kinds of cyber attacks, plus tips you can use to proactively protect your business.
Understanding the different types of cyber attacks
Cyber security is constantly evolving, but there are several common types of attacks that every business should know about, including:
- Malware means malicious software, including spyware, ransomware, viruses, and worms. The software breaches your network through a vulnerability, usually when someone clicks a link or opens an attachment that then installs the software. Malware programs can block access to parts of the network, make a system inoperable, transmit data from a hard drive, and more.
- Phishing occurs when fraudulent communications are sent with the goal of obtaining sensitive data, like login information. Email is the most common medium and the correspondence is designed to look trustworthy.
- SQL injections are all about code: an attacker inserts malicious SQL code through an input that the server passes to its database, forcing the server to reveal information that shouldn’t be readily available. Sometimes, all it takes is inserting the code into a website’s search box.
- Man-in-the-middle (MitM) attacks, or eavesdropping attacks, occur during two-party transactions. In one method, attackers use an unsecured WiFi network to get between a device and the network. Once they’re in, it’s easy to steal sensitive information.
Protecting your business from cyber attacks
Cyber attacks are a frightening prospect for any company that deals with data, but the best offense is a good defense. If you’re proactive about data protection and IT security, your chances of becoming a victim are greatly reduced. With that in mind, here are 10 best practices you need to implement:
- Use a firewall for your Internet connection to prevent attackers from accessing data. Employees who work remotely also need the protection of a firewall.
- Offer training and information about cyber security to all employees, and document all security policies.
- Don’t give one employee access to every data system — only provide access for the systems a person needs to do their job.
- Make sure your WiFi network is secure, encrypted, and hidden.
- Schedule regular and automatic backups of all important data.
- Keep all software up to date, including web browsers, operating systems, and security software.
- Require strong passwords on all devices, including laptops and mobile devices.
- Mobile devices should be password protected and encrypted. Install security apps that prevent attackers from stealing information while the device is on a public network.
- Choose your third-party vendors wisely and double-check their commitment to security, especially payment processors who deal with customer information.
- Ensure every team member follows the password security tips in this article.