The need for constant countermeasures against hackers focused on committing cyber crimes is simply a fact of modern business operations. The recent WannaCry malware attack — the cost of which already runs in the billions of dollars and which severely compromised the United Kingdom’s National Health Service (NHS) — is the latest example for normalizing aggressive cyber security measures.
The lack of awareness amongst the owners/operators of small businesses is especially severe and dangerous. It seems like such an intimidating technological problem, while media reports tend to concentrate on the issues facing large enterprises, like the NHS and power companies. Although a recent U.K. government study did find that a larger percentage of big businesses reported being victims of information security breaches (90 percent), a significant 74 percent of small businesses did so as well, and many small businesses may not even pick up on some issues.
Here are five steps that will help you protect data and cut down on the risk of a catastrophic data emergency.
The first step is to identify risks. A full risk assessment will identify what data cyber criminals might be interested in, which usually includes private customer data, the loss of which may open you up to fines, lawsuits, and a collapse in trust in your customer base. Track down where your company’s data is stored and who has access to it, including employees using personal laptops and phones on your business network.
Next is to give thought to who may have plans to capture your data. It’s worth researching the kinds of attacks your type of business is usually subjected to. Also, give thought to disgruntled employees or “undercover hackers” who may have recently become employed by you in order to gain access to your network.
Finding the vulnerabilities in your network security system before anyone else does is the best solution and comes next. There are off-the-shelf software tools and dedicated specialists who can carry out these kinds of intrusion detection and prevention system examinations. A penetration test mimics an attack on your information security system. It’s like a cyber “war game” testing your defenses.
Next is to build a realistic idea of what a successful attack on your system would mean. How much damage would occur and what data would be lost? This business-impact analysis will help focus decision-making and create an order of priorities.
Finally, prioritize the potential risks that have been discovered and begin resolving them as quickly as possible. Make a list of what needs to be done to protect not only your data, but also the data of your customers and vendors, and start crossing things off the list.
You’ll never guarantee complete and permanent safety from cyber attacks, but by prioritizing vulnerabilities and taking countermeasures you can mitigate the chances that your business suffers a catastrophic cyber security breach. By having mitigation procedures in place, action can happen more swiftly and effectively in case the worst does occur.
