September 1, 2015
While everyone knows the possible dangers of scams and malware on a personal level, companies may not be aware of just how important their cyber-security is. Cyber-attacks on corporations are on a steady rise. According to a study by the Ponemon Institute, the cost of fighting cyber-attacks went up 96 percent from 2009-2014. There was a 176 percent increase in attacks with roughly 138 percent attacks successfully hacking their target.
Cyber-hackers have successfully stolen information from top companies such as Target, Google, Yahoo, Neiman Marcus, Michaels, AT&T, eBay, PF Chang’s, Home Depot, UPS, a number of utility companies and more. According to an annual report on Internet security by Symantec, five out of six companies with more than 2,500 employees were the targets of cyber-attacks. These statistics only cover the readily available information. They do not account for cyber-attacks that have not yet been found. The Ponemon Institute’s survey placed the average amount of time to find an attack at 170 days after the initial infiltration. Not only are cyber-attacks hard to find, but they take a significant amount of time to clear up; the Ponemon Institute pegged the average time to recover from an attack at 45 days. That gives hackers, on average, about 215 days to steal company information.
Many attacks come in the form of phishing or fraudulent e-mail campaigns. Just one employee who accidentally interacts with a fraudulent e-mail message can create a breach in the company’s Internet security big enough for hackers to make their move. Over the past couple of years, e-mail scams have become more effective and precise at targeting different companies. Some cyber-attacks originate from within a company. An intentionally malicious employee can use his or her internal access to damage the cyber-security of the company. Additionally, many malware schemes target Point of Sale (POS) systems — as was the case with Michaels and Aaron Brothers — allowing hackers to steal customer credit card information.
Dealing with cyber-security attacks is highly expensive. Hiring cyber-security help, closing down programs to prevent further contamination, and loss of customer trust all lead to major profit losses. While the majority of attacks aim for big companies, small companies are still at significant risk. There may be fewer targeted attacks, but smaller companies tend to have fewer cyber-security protocols and, therefore, when an attack comes, there is less in place to stop it. Time estimates that non-targeted attacks continue to grow as well, with 1 million new threats arising every single day. Symantec/NCSA estimate cyber-attacks cost medium and small businesses around $188,000 and forced most of the businesses to close shop within six months.
The good news for small companies is that their cyber-security requires much less protection than that of bigger companies. Because most of the attacks are untargeted, without a hacker specifically trying to break your company’s security, small companies usually only need to standardize their security rather than specialize it.
The first step is to start encrypting all of your sensitive data. Most computers come standard with encryption software. When crucial information such as Social Security and credit card numbers is simply being stored and not transmitted, this data should always be encrypted. The process only takes a few minutes. Encryption programs generally only work when users have logged out of the computer, so companies should also set up an automatic sign-out system for their computers so they will be protected when not in use.
Physically securing your computers in the office can also help protect your company. Many small company attacks actually come from burglars stealing company technology. Burglars are constantly fighting time in an effort to avoid being caught, so adding physical locks and obstacles on the computers can slow them down enough to prevent the theft.
A very important key to protecting your company is to make sure the company Wi-Fi is encrypted. Wi-Fi should be password-protected, and the passwords should be as complex and random as the modem allows. This will prevent hackers from forcing their way onto your Wi-Fi network, which would give them access to your company computers and files. The best way to prevent Wi-Fi attacks, however, is to do away with Wi-Fi completely and use wired Internet exclusively. The increased hassle of wiring the office will pay off in the reduced chance of hackers getting into the network. Hackers would need to physically connect to the network rather than simply connecting to the Wi-Fi from nearby locations.
There are a number of software products on the market to help both individuals and companies protect themselves against cyber-attacks. For individuals, a software suite is the most recommended method of protection. Software suites contain not only anti-virus protection but also anti-malware, scam protections, firewalls, and warnings about potentially dangerous sites. Three of the best cyber-security software suites are Bitdefender Total Internet Security 2015, Kaspersky Internet Security 2015 and Symantec Norton Security. All three of these security suites offer the best in anti-virus protection, computer firewalls, and spam protection. Bitdefender and Kaspersky were the only two cyber-security suites to receive an 18/18 score on a real-world performance test, according to the German independent testing company AV-TEST. Symantec achieved a 15/18. The real-world test puts the security programs out onto the Internet and studies how well they perform across the huge spectrum of malware, hacking and spam programs the Internet currently has to offer. Symantec’s Norton Security is one of the best security suites for cross-platform protection.
Companies should also invest in security suites for all company computers, but may also require higher-level protection. Bitdefender and Kaspersky work just as well for companies as they do for individuals, with competitive prices when purchased in bulk. Businesses should assess whether they need specific software to meet particular needs. For example, companies that store sensitive personal information of employees or customers should get higher-level encryption software such as Folder Lock or Advanced Encryption Package Pro. Both packages offer the best in modern-day software encryption, as well as additional features such as file shredding.
For companies that send sensitive information through e-mail, encryption software for those e-mails is essential. The best two programs for e-mail encryption are HP SecureMail and DataMotion. Both services are accessible across almost all platforms and have various verification methods. They have easy one-click encryption that is top of the line. They also secure bulk e-mails and e-mail replies to make communication throughout the company quick, easy and safe.
Trying to figure out where a company’s weakest cyber-security area is can be difficult. AVDS software provides vulnerability assessment and management to alert users to possible areas of security weakness. Companies can then directly address potential problems. AVDS is one of the most accurate software programs on the market for assessing cyber-security vulnerability.
Employers also need to do their research, or better, hire an expert to educate the employees on proper Internet safety to reduce the risk of a successful cyber-attack. Many cyber-attacks hit their mark through e-mail campaigns. The e-mails get blasted to everyone at a company. Even when 99 percent of the company recognizes the spam, just one person can cause a breach. By educating your employees, the chance that anyone will allow a cyber-attack drops significantly. Security companies can also be hired for general protection. They are specially trained to monitor your company and can spot cyber-attacks much faster than the untrained eye.
For companies that do fall victim to a cyber-attack, address the attack quickly to minimize the damage. The first step is stopping the attack and assessing the damage. Security companies will be able to help you fix the security breach and figure out how much damage has been done. Customers should be alerted if their personal information was possibly stolen. The police should be contacted and may recommend bringing a case to the FBI. If money was taken, they will help to catch the perpetrator and get your money back. It is also important to immediately address any negative reputation that may result. Online reputation firms such as Digital Fusion Business Services specialize in helping companies reduce negative publicity and recover their good name.
Koz Khosravani, of Digital Fusion Business Services, is an Internet expert, a computer information systems consultant, an information technology and educational technology lecturer, and a teaching fellow at various colleges and universities, including Harvard University, UC-Irvine, UC-San Diego, and UCLA Extension Schools.