Protect Your Company: Guard Against Cyberattacks

May 1, 2016
While everyone knows the possible dangers of scams and malware on a personal level, companies may not be aware of just how important their cyber security is says Koz Khosravani, president of online reputation services company Digital Fusion Business Services. Cyberattacks on corporations are on a steady rise. According to a study by the Ponemon Institute, the cost of fighting cyberattacks went up 96% from 2009-2014. There was a 176% increase in attacks with around 138% attacks successfully hacking their target.
Cyber hackers have successfully stolen information from top companies such as Target, Google, Yahoo, Neiman Marcus, Michaels, AT&T, eBay, PF Chang’s, Home Depot, UPS, a number of utility companies, and more. According to an annual report on internet security by Symantec, 5 out of 6 companies with over 2,500 employees were the targets of cyberattacks. These statistics only cover the readily available information. They do not account for cyberattacks that have not been found yet. The Ponemon Institute’s survey placed the average amount of time to find an attack at 170 days after the initial infiltration. Not only are cyberattacks hard to find, but they take significant amounts of time to clear up; the Ponemon Institute pegged the average time to recover from an attack as taking 45 days. That gives hackers, on average, about 215 days to steal company information.
Many attacks come as phishing and fraudulent email campaigns. Just one employee who accidentally engages with a hacked email message can create a breach in the company’s internet security big enough for hackers to make their move. Over the past couple of years, email scams have become more effective and precise at targeting different companies. Some cyberattacks result from within a company. An intentionally malicious employee can use their internal access to damage the cyber security of their company. Additionally many malware schemes target Point of Sale (POS) systems, as was the case with Michaels and Aaron Brothers, allowing hackers to steal customer credit card information.
Dealing with cyber security attacks is highly expensive. Hiring cyber security help, closing down programs to prevent further contamination, and loss of customer trust all lead to major profit losses. While the majority of attacks aim for big companies, small companies are still at significant risk. There may be less targeted attacks, but smaller companies tend to have less cybersecurity protocols and therefore when an attack comes, there is less in place to stop it. Time estimates that non-targeted attacks continue to grow as well, with 1 million new threats arising every single day. Symantec/NCSA estimate cyberattacks cost medium/small businesses around $188,000 and forced most of the businesses to close shop within six months.
The good news for small companies is cybersecurity requires much less protection than bigger companies. Because most of the attacks are untargeted without a hacker specifically trying to break your company’s security, small companies usually only need to standardize their security rather than specialize it.
The first step is to start encrypting all of your sensitive data. Most computers come standard with encryption software. When crucial information such as social security and credit card numbers are simply being stored and not transmitted, this data should always be encrypted. The process only takes a few minutes. Encryption programs generally only work when users have logged out of the computer, so companies should also set up an automatic sign out system for their computers so they will be protected when not in use.
Physically securing your computers in the office can also help protect your company. Many small company attacks actually come from burglars stealing company technology. Burglars are constantly fighting the time in an effort to avoid being caught, so by adding physical locks and obstacles on the computers can slow down burglars enough to prevent the theft.
A very important key to protecting your company is to make sure the company wifi is encoded. Wifi should be password enabled and the passwords should be as complex and random as the modem allows. This will prevent hackers from forcing their way onto your wifi network which would give them access to your company computers and files. The best way to prevent wifi attacks, however, is to do away with wifi completely and use wired internet exclusively. The increased hassle of wiring the office will pay off in the reduced chance of hackers getting into the network. Hackers would need to physically connect to the internet rather than simply connecting to the wifi in nearby locations.
There is a number of different software on the market to help both individuals and companies protect themselves against cyberattacks. For individuals, a software suite is the most recommended method of protection. Software suites contain not only anti-virus protection but also anti-malware, scam protections, firewalls, and warnings about potentially dangerous sites. Three of the best cybersecurity software suites are Bitdefender Total Internet Security 2015, Kaspersky Internet Security 2015, and Symantec Norton Security. All three of these security suites offer the best in anti-virus protection, computer firewalls, and spam protection. Bitdefender and Kaspersky were the only two cybersecurity suites to receive an 18/18 score on a real-world performance test, according to the German independent testing company AV-test. Symantec achieved a 15/18. The real world test puts the security programs out onto the internet and studies how well they perform across the huge spectrum of malware, hacking, and spam programs the internet currently has to offer. Symantec’s Norton Security is one of the best security suites for cross-platform protection.
Companies should also invest in security suites for all company computers, but may also require higher level protection. Bitdefender and Kaspersky work just as well for companies as they do for individuals, with competitive prices when purchased in bulk. Businesses should assess whether they need specific software to meet particular needs. For example, companies that store sensitive personal information of employees or customers should get higher level encryption software such as Folder Lock or Advanced Encryption Package Pro. Both packages offer the best in modern day software encryption, as well as additional features such as file shredding.
For companies that send sensitive information through email, encryption software for those emails is essential. The best two programs for email encryption are HP SecureMail and DataMotion. Both services are accessible across almost all platforms and have various verification methods. They have easy one-click encryption that is top of the line. They also secure bulk emails and email replies to make communication throughout the company quick, easy, and safe.
Trying to figure out where a company’s weakest area of cybersecurity is can be difficult. AVDS software provides vulnerability assessment and management to alert users of possible areas of security weakness. Companies can then directly address potential problems. AVDS is one of the most highly accurate software programs on the market for assessing cybersecurity vulnerability.
Employers also need to do their research, or better, hire an expert to educate the employees on proper internet safety to reduce the risk of a successful cyberattack. Many cyberattacks hit their mark through email campaigns. The emails get blasted to everyone at a company. Even when 99% of the company recognizes the spam, just one person can cause a breach. By educating your employees, the chance that anyone will allow a cyberattack drops significantly. Security companies can also be hired for general protection. They are specially trained to monitor your company and can spot cyberattacks much faster than the untrained eye.
For companies that do fall victim to a cybersecurity attack, the faster they address the attack, the less damage will be caused. The first step is stopping the attack and assessing the damage. Security companies will be able to help you fix the security breach and figure out how much damage has been done. Customers should be alerted if their personal information was possibly stolen. The police should be contacted and may recommend bringing a case to the FBI. If money was taken, they will help to catch the perpetrator and get your money back. It is also important to immediately address any negative reputation that may result. Online reputation firms such as Digital Fusion Business Services specialize in helping companies reduce negative publicity and recover their good name.