Now that computers have become common household items and the Internet has become an extremely lucrative channel for businesses, the threat of data breaches should be taken seriously: attack tools are readily available and the number of potential targets keeps increasing.
While there are many hackers who only target random individuals out of mischief, there are more of them who specifically go after businesses because they are motivated by monetary gain. So any business, even those that are not relying on an online business model, is a target. Due diligence should be practiced by any business owner, which means adopting the following security best practices for businesses:
Enforce Strong and Safe Password Policies
A large number of scandalous data breaches among large businesses have nothing to do with software vulnerabilities or technically proficient hackers. Instead, these very costly incidents (whether in actual monetary loss or in PR terms) usually stem from employees or executives who have been negligent in keeping their passwords safe, so that their access is compromised through “brute-force” hacking, social engineering or phishing attacks.
To prevent company passwords from falling into the wrong hands, the following are suggested:
- Enforce the use of strong passwords, which are characterized by the use of alphanumeric characters and symbols. It is imperative to avoid words that are easily guessed (such as an employee’s name or birthday, or common phrases such as “god is love”).
- If possible, passwords should be randomly generated and issued to employees by the IT department, and there should be regular password resets.
- Employees must be reminded not to share their access with anybody or to use the same passwords across different accounts.
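An added example, not part of the original article: a Python sketch of how an IT department could generate passwords randomly and reject ones that break the rules listed above. The 12-character minimum, the small phrase list and the function names are assumptions made for illustration.

```python
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Constructed sample list; a real deployment would load a much larger one.
COMMON_PHRASES = {"godislove", "password", "letmein", "qwerty"}


def _flatten(text):
    """Lower-case and drop non-alphanumerics so 'God is Love!' matches 'godislove'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def _tokens(terms):
    """Split names and dates into pieces of 3+ characters ('Maria Lopez' -> maria, lopez)."""
    return {t for term in terms
            for t in re.split(r"[^a-z0-9]+", term.lower()) if len(t) >= 3}


def policy_violations(password, personal_terms=(), min_length=12):
    """Return the reasons a password fails the policy (an empty list means it passes)."""
    problems = []
    if len(password) < min_length:  # min_length is an assumed value
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    flat = _flatten(password)
    if any(tok in flat for tok in _tokens(personal_terms)):
        problems.append("contains personal detail")
    if any(phrase in flat for phrase in COMMON_PHRASES):
        problems.append("contains common phrase")
    return problems


def generate_password(length=16, personal_terms=()):
    """Draw characters from the OS CSPRNG until the candidate satisfies the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate, personal_terms, min_length=length):
            return candidate
```

The `secrets` module is used instead of `random` because issued passwords must not be predictable from earlier ones.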
Take Advantage of Available Technologies and Security Measures
It is important to keep abreast of any existing technology that could help strengthen network security – make use of firewalls, security applications, VPNs, biometric security and any other extra software/hardware if they will help protect your business from data breaches. Do not sacrifice network security in favor of convenience.
It’s a given that some additional security measures, such as enabling two-factor authentication on email accounts or mandatory password resets, will inconvenience the users, but these are negligible inconveniences when compared to the consequences of your business’ network of PCs getting hacked.
Provide Employees with Basic Training on Cyber Security
All the software and hardware security tools in the world would not do a company any good if its employees commit cyber security faux pas on a regular basis, such as opening random email attachments, visiting shady websites on their workstation or using their work email on publicly accessible computers. A company should at least give an orientation to new hires and newly promoted staff, just to ensure that the employees won’t provide hackers with security loopholes born out of lack of knowledge and training.
Don’t Store Data That Isn’t Really Necessary for Operations
One of the reasons many data breaches that occurred in the past decade were so devastating is that companies have been collecting too much sensitive user information, even when it is not really needed in operations. Not many companies need to store sensitive information such as credit card numbers or private contact information of their customers. In fact, storing this information makes the business much more appealing to hackers. Hackers motivated by profit won’t really hack your business if they won’t gain any monetary benefit from the act.
Hire Trained Staff to Protect Your Network
Businesses that manage to minimize their manpower costs by training existing staff to handle IT-related tasks are admirable, but this should not be encouraged within the context of security and hacking prevention. If you hire people who are actually trained to handle cyber security, you stand to benefit more in the long term: the manpower cost will ultimately pay for itself through the savings the business gains from not having to deal with the fallout of a scandalous data breach or information theft.
There are a number of ways to go about this. You can hire security experts and absorb them into your business’ existing IT department, or you can hire IT services in Melbourne. This should minimize manpower cost slightly as you’re technically only paying for security experts when they are needed, as opposed to adding yet another department’s running costs.
Some businesses have even pushed the envelope and actually hired “white hat” hackers to try and find any security blind spots in their networks. By way of example, Microsoft and Google in the past have offered bounties to hackers, in the sense that individuals are encouraged to hack their services in exchange for financial reward. This ensures that all vulnerabilities are found and reported so they can be patched, as opposed to being kept secret by malicious individuals who would exploit them for long-term personal gain (or just to cause trouble, because there are hackers who just want to watch the world burn).
Hope for the Best, Prepare for the Worst
Of course, no preventive measure is truly foolproof. Even if you manage to adopt the best and most expensive security contingencies possible, you shouldn’t be too confident that the business will be completely protected from any cyber-attack. New exploits are revealed on a daily basis, hackers can discover new vulnerabilities in previously airtight code, or an employee may suffer a momentary lapse of judgment. No business is 100% safe from hacks. You should still prepare for the event of a data breach or a malicious break-in.
Such a contingency measure could include both on-site and off-site back-ups of important data, redundant servers, IT staff on call or security experts on retainer. The basic idea is that you do everything you can to prevent hacking incidents, but the business should also be resilient enough to continue operations and recover from any successful hacking incidents.