5 Ways to Avoid a Network Breach
A network data breach is a very expensive problem for a small-business owner to manage. When data is lost or compromised, you have to react quickly and notify customers about the breach. To handle the fallout that follows, you may add more legal experts and customer service specialists to your team, while hiring additional IT experts to ensure it doesn't happen again. All that fallout-control adds up, and that doesn't even take into account the cost of having your company's reputation damaged by a network breach.
Here are five ways to protect your business and your bottom line from cyber-security challenges in the year ahead.
1. User Safety
"Users are always the weakest link in any security program," says Andrew Storms, director of security operations for nCircle, an information risk and security performance management firm based in the San Francisco Bay Area.
"Small businesses can use free security policy templates that describe the best practices for both internal and remote users, to get started training their employees," Storms says.
Michael Gregg, CEO of Superior Solutions, a Texas-based firm that provides network security services and cyber-security training, agrees that employee training is a key to protecting a small business from a network breach.
"Provide good training to your employees," Gregg says. "So many of today's attacks have a social component such as phishing, SMIshing and malicious websites."
Gregg says it's also important that employees only have access to what they need and not have additional administrative powers.
Jamie Manuel, identity and management analyst with Aliso Viejo, California-based Quest Software, now part of Dell, says it's important to examine every single entry point into your network to make sure each person still needs access or the same level of access.
"You may not have the same budget and staff as a large enterprise, but in this case it is a huge advantage," Manuel says. "That means you have a smaller number of identities to check."
Manuel recommends engaging someone from payroll in the identity checking process.
"While it's feasible that someone may not have identified IT to disable an employee or contractor's access, it's almost guaranteed that payroll will have been notified," Manuel says.
2. Password Strength
"Using default and blank passwords is like leaving the keys in the car and your doors unlocked," says Storms. He says his company conducted a study that found eight of the 10 most critical vulnerabilities on small-business networks were related to weak or default passwords.
Barbara Goushaw, chief business development officer with High Bit Security, a provider of IT security and other services in Rochester, Minnesota, recommends passwords of at least eight letters in upper and lower case and a mix of symbols and numbers, in the security checklist she distributes to clients.
Stronger and more complex passwords make entry points into the network less vulnerable to hackers.
3. Proper Systems and Control
It's not enough to have a workforce trained in best cyber-security practices; it's also important to make sure your technological innovation is optimized to deflect network breaches. That includes installing current patches for the firewall and software applications.
"Most attacks take advantage of a vulnerability or a security weakness that has been around for a while," says Gregg with Superior Solutions. "Keeping systems patched is of utmost importance."
Anti-virus software should be in place and constantly updated as security threats change from day-to-day. Guests who are using a business's wireless network should not have access to internal systems.
Jeff Chandler with DigiCert, a provider of SSL Certificates in Lindon, Utah, says SSL is another way to protect from network breaches.
SSL is a protocol that encrypts data as it is transferred across the Web. SSL is used by online retailers to protect customer purchasing information, but that is not the protocol's only use.
"These certificates are commonly used by small businesses on their internal systems as well to protect their mail servers and other parts of their network from intrusion and to protect sensitive data exchanged among employees or between an employee and a customer or vendor," Chandler says.
4. Monitor, Monitor and Monitor Some More
Once your systems and procedures are in place, you have to constantly monitor how they are working, because new cyber threats develop very quickly.
"It's crucial that you set up a routine schedule to recheck three things on a regular basis," says Manuel. "You must treat this as a task of high importance because a security breach can kill your business."
Manuel suggests using one of the monitoring tools on the market to look for network abnormalities. He says there are some that are free or offer free trials.
"Just before a hacking attempt is successful, your logs would likely show repeated failed login attempts, maybe even hundreds in a very short time, something that a typical employee would never do," Manuel says. "Even an inexpensive monitoring tool can notify you of such a trend and initiate a lockdown for that account."
5. Be Vigilant
Never assume that a network security breach can't happen to you.
"We have had more than one client say, 'Why would anyone target us? What do we have of value?'" Gregg says. "All profitable businesses have something of value and must consider what their key assets are and how they would protect these critical items."
Managing users and their access, putting cyber-security measures into place and monitoring their effectiveness are keys to protecting technological innovation at your small business in 2013. You'll get more than peace of mind ... you'll know you are proactively fighting unwanted expenses.Want more small-business technology advice? Read these technology articles.
Carla Turchetti is a veteran print and broadcast journalist who likes to break a topic down and keep her copy tight. That's why this bio is so brief! Carla blogs via Contently.com.