By Shawn Freeman, the founder of Calgary-based TWT Group.
It's often assumed that only large, enterprise-level companies need to implement cybersecurity measures to protect against cyber criminals and malicious hackers. However, the truth is that now, more than ever, small and large businesses alike need to safeguard their security.
We live in an ever-increasing technology-dependent society, where the threat of cyberattacks has only increased. Hackers have become more creative. No device, system or network is 100 percent safe. Being an entrepreneur, a personable geek and the founder of an IT services company, I love helping others use technology in their businesses to successfully compete with the big guys. And competing with the big guys means acting like them and taking cybersecurity seriously.
No Business Is Immune
According to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview, the odds of your business being targeted are as high as 1 in 4. And no business is immune. Cybersecurity is an ever-moving target and those who don't stay on top of it are at risk -- a risk that can lead to failure for many small to midsize businesses with few resources and staff to devote to cybersecurity. The good news is that organizations can take measures to protect themselves against the high costs and impact of a security breach. Here are five tips businesses can employ now.
The single biggest threat to small businesses lies directly within their own walls. Attacks take advantage of our trust and then intrigue, excite or even frighten us. It is critical to educate your employees on how to recognize and report phishing and other cyber threats to prevent criminals from obtaining sensitive corporate data. Look out for any communications that have a sense of urgency and aren't expected from a third party.
Improve Passwords and Strengthen Barriers
With redundant and weak passwords still common, hackers are gaining access to businesses and their sensitive data every day. Creating differing complex passwords across various sites and tools can create the strong barrier your company needs to keep its information safe.
Passwords aren't the only barrier keeping hackers out. Protect your company from ransomware and doxing threats by limiting user privileges, app whitelisting, patching apps and operating systems and using third-party software with the most up-to-date ransomware defenses. You should also employ a tiered or distributed backup solution to protect you from losing valuable data.
Check for Weak Code
Most attacks run over open ports 80 (HTTP) and 443 (HTTPS) because these ports are generally open and aren't watched closely due to high traffic volume. Unfortunately, many seemingly casual web surfers pose security threats as they search and discover weak code on these open ports.
Rather than combing through thousands of lines of code, use tools to scan and pinpoint weak code and protect against seemingly harmless internet browsing. For example, Flawfinder is an open source and simple program that examines C/C++ source code and reports possible security weaknesses.
Address IoT and BYOD Security
Many companies have failed to secure internet of things (IoT) devices. IoT devices are often unequipped with built-in security measures, as they weren't designed to operate on a public network. Because of this, hackers can use them to access private and sensitive company data.
To protect against this security threat, don't allow devices direct public access from the internet. Instead, install endpoint security solutions, require complex passwords, always use two-step verification or multi-factor authentication when possible and only allow access through encrypted communications.
Secure Your Wi-Fi
Unsecured Wi-Fi can be a very easy target for hackers who can deploy a man-in-the-middle attack, where they position themselves between the victim and the server to receive any and all communication. To protect customers, implement hardware with an intrusion detection system to detect intruders. Such hardware should be regularly updated to offer the best defense.
Ensuring the Future of Your Business Through Cybersecurity
Securing your business is no easy feat -- especially in our continuously evolving technology landscape. Simply investing in the latest security software or technology will not always fix the problem, as businesses are still lacking internal knowledge and training. It can be a full-time job that requires multiskilled professionals to protect your data and your infrastructure.
Every organization has sensitive data that they need to protect. As executives, commit to continually investing in cybersecurity through educating employees, implementing defensive barriers, ensuring strong coding and IoT and BYOD security, and securing Wi-Fi. With these measures, data breaches will be fewer and farther between.
Shawn Freeman is the founder of Calgary-based TWT Group. Shawn helps businesses maximize their IT, using intuitive technology to maximize their efficiency, increase revenue and protect valuable data.