Let’s Talk about Cyber Security: What You Need to Know About Cyber Security for Your Growing Business

Cyber security is one of the most important areas in which to be proactive in your business, and one of the areas most often overlooked. According to Norton, a leading company in protecting a cyber presence, “Cyberattacks are an evolving danger to organizations, employees, and consumers. They may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage people’s financial and personal lives.”

Because it is so important for the overall health of your company’s data and your clients’ private information, we wanted to tackle this conversation head-on and give you some information to help you develop your plan of attack and put prevention in place to protect one of your biggest assets.

What is Cyber Security?

According to the previously quoted Norton article, cyber security is “the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack.” Digital Guardian defines it as “the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access...may also be referred to as information technology security.” To put it a little more simply, it entails the steps necessary to protect the data kept in your electronics: implementing best practices for the use of your technology, protecting your software and hardware, and educating your team on how to make smart decisions about handling the sensitive information kept in your cyberspace.

What are the different ways my company can be attacked digitally?

Norton says that there are 3 different categories of cyberattacks:

  1. Attacks on confidentiality: stealing information.

  2. Attacks on integrity: leaks leading to lack of trust in an organization.

  3. Attacks on availability: preventing users from accessing their own data, often requiring a ransom or fee to get access back.

There are a few different types of cyberattacks that fall into the above-mentioned categories:

  • Social Engineering: the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

  • APTs (Advanced Persistent Threats): an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.

  • Malware: software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

  • Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid.

  • Phishing: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

How do I protect my business’s data and digital information?

According to multiple software and information protection companies, your company’s best defense against any type of cyberattack includes a multidimensional plan of proactive protection and aggressive offense in the case that you do experience an attack on your data. Your game plan needs to include a plan for your technology, a plan for your practices and processes, and a plan for educating your users and helping them stay up-to-date with this area of life that is evolving every day.

Cisco says with regard to technology: “Technology is essential to giving organizations and individuals the computer security tools needed to protect themselves from cyber attacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities include next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.”

According to Observeit.com, here are the 10 most important things to keep in mind when creating your processes to help prevent cyber breaches:

  1. Establish and maintain a formal information security framework that allows your team to detect incidents, investigate effectively, and respond quickly.

  2. Stop data loss by controlling access, monitoring vendors, contractors, and employees, and know what your users are doing with company data.

  3. Use technology to detect insider threat by monitoring user activity and discovering when there is unauthorized activity.

  4. Back up data.

  5. Beware of social engineering by…

  6. Educating and training your users.

  7. Have clear use policies for employees and 3rd parties.

  8. Keep software and systems updated.

  9. Create a response plan ahead of time that allows you to close any vulnerabilities, limit the damage of the breach, and allow you to correct immediately and effectively.

  10. Maintain compliance with outside regulations your business may be subject to, such as HIPAA, PCI, or FERPA.

When it comes to educating your users, Norton and Cisco suggest that these nuggets of wisdom become common knowledge among your team:

  • Only trust https:// URLs.

  • Regularly back up your files.

  • Don’t open attachments or links from unknown users.

  • Keep your devices updated with the newest software.

  • Create strong passwords, and update them regularly.

Creating a plan for preventing cyber attacks or breaches is essential to your growing business. Unfortunately, there is no one-size-fits-all solution in the always-evolving cyber world, but there are common things all companies need to consider when creating their plan of action. Utilize your experts to analyze and assess where you may have weaknesses and create a plan for prevention and correction. As we have said before, it is an area that is regularly evolving, so you will want to re-evaluate and adjust on a regular basis. By taking steps to keep your data and client information confidential, you are doing what is essential for the overall health of your business.
