An online thief has to somehow gain access to your computers, your network, and/or your private information in order to be effective in a cyber attack on your business.
There are great teams of IT security analysts who do a phenomenal job stress testing your current network protection measures to reveal weaknesses and soft spots where would-be hackers might sneak in and steal.
Quality IT analysts cost tens of thousands to do what they do, and while I believe that is money very well spent if you can afford it, there are some relatively inexpensive (and some free) strategies you can adopt that are very effective at preventing cyber crime.
I’m just going to laundry list them below:
- Use only one computer for banking transactions and nothing else (literally NOTHING else, ever). Keep that computer in a locked and camera-recorded location with physical access granted only to a couple of employees.
- Create separate networks. Use one only for your banking computer, one for the other company-owned office devices, and one for public use (this is the only one to which your employees should connect any privately-owned or portable devices). In addition, be sure each network is encrypted and protected by a strong password that is routinely changed.
- Make sure the public/employee and banking networks are not connected in any way to your office server.
- Outlaw the use of USB drives on pain of death (okay, death may be a little extreme, but you get the picture). One of the oldest tricks around is for a hacker to simply drop a USB drive in the company parking lot. Some unwitting employee strolls by, notices the USB drive, thinks, “hey, lucky me!” and then proceeds to insert the drive into a computer that is connected to your office network. Congrats! You just lost all your private information and all your money.
- Communicate clearly with employees that they are not to open any links contained in an email. EVER.
- This is ESPECIALLY important for the employees who will be using the banking computer, but it is important for everyone else too. Emails can be spoofed as part of a phishing attempt, and the tainted email contains instructions that seem to come from a higher-up in your company. Why wouldn’t they do what it says? Next thing you know, your bank accounts have been drained or one of your financial employees sent a large payment to a hacker, and you will almost certainly never see that money again. Solution: instruct all employees to get verbal confirmation from the employee who supposedly sent the email BEFORE any payment is sent out, using an office line or a well-known and often-used cell phone number (i.e., NOT the new phone number mentioned in the email).
- Be certain any subcontractors who do any work whatsoever on your computers check their own hardware thoroughly before using it on your office network. Also be sure that they either do not have the ability to connect any personal device to the office networks or know not to.
- Last, tell your employees to pay attention. If something seems weird or feels off about an email, a website, or an attachment/file of some sort, they should report it BEFORE they open it up.
Well, that’s it for now. Many of the above steps have no cost to implement, and those that do should cost very little, especially compared to the cost of a cyber security audit by highly qualified analysts.
I hope that is helpful information for you, and I hope it will prevent would-be hackers from even thinking of trying to steal your business’s information.
At the very least, if you follow the steps above, you’ve done enough to annoy hackers by making their job far more difficult than it otherwise would be (probably more than most businesses in your area, and hackers typically prefer easy prey).
To Your Success,