Become Familiar with Cyber Threats
The first step in bolstering a company’s online security efforts is to understand the various cyber threats that are out there. This helps determine the risks that a website and/or internal network might be facing.

You can start by having your information technology (IT) manager, or outside IT resource, provide you with an overview of common cyber threats and how they are carried out. This should be followed by a comprehensive assessment of your company’s website, internal network, firewall, software systems and email communication program, to name a few.

For example, common types of cyber attacks include:

Trojans - A type of malware that tricks users into clicking something (e.g., software update) that loads viruses onto their computers.

Malware - computer code that is designed to steal private information and/or destroy computers and servers.

Spyware - a form of malware that spies on users and records their keystrokes to access information.

Worms - viruses that can attack either a single computer or an entire network of computers.

Phishing - fake emails that are used to steal usernames, passwords, credit card information and more.

Establish Basic Security Protocols
Numerous studies indicate that over half of all privacy breaches are caused by insiders, the majority of whom simply made mistakes. When your employees are knowledgeable of security risks, they will be less likely to do something that puts your company’s information at risk. An online security training session is a great way to educate your employees. You should also establish security protocols and communicate them to your employees so they are fully aware of the penalties for violating business rules and policies.

Prevent Internal Security Breaches
According to an Identity Theft Resource Center (ITRC) study conducted last year, approximately 11.7% of security breaches were performed by malicious insiders. Preventing inside data theft is a difficult task, particularly if your employees use personal devices (smartphones, tablets and laptops) and portable storage devices. Without the right security tools in place, a malicious employee can access your company’s vital information and transfer it to a USB drive in a matter of minutes.

Steps to Take
There are several strategies you can employ to stop an insider data breach before it happens. One of the most widely used solutions is data loss prevention (DLP) software, which prevents your employees from transferring critical information outside of your company’s network. Another strategy to consider is limiting access to certain websites and technologies. Install software to block websites that offer file sharing, and format all of your computers’ thumb drives and CD/DVD drives to prevent data from being illegally transferred. Lastly, there are numerous programs available that monitor your employees’ Internet, email, printer and scanner usage.

Use Firewalls to Help Keep Hackers Away

Hardware Firewalls
Hardware-based firewalls have different levels of protection and are configured to provide optimum protection to every computer on your network. A hardware firewall’s primary responsibility is to prevent hackers and malicious traffic from getting into your company’s internal network. Hardware firewalls can also be used to “block” certain internal departments from each other.

Software Firewalls
Investing in a powerful software firewall system provides a digital barrier between your company’s network and malicious traffic.

When used together, hardware and software firewalls can provide your business with a higher level of protection from hackers. Because the installation and configuration of hardware and software firewalls is a complex and involved process, these tasks are best suited for information technology professionals. Once you have installed your firewall, it will need to be regularly monitored by an IT professional to make sure it is working properly. Additionally, an IT professional is your best resource for downloading patches, updates and other security enhancements as they become available, as well as providing support for email, voice over IP (VoIP) and virtual private networks (VPNs).

Install Antivirus and Antispyware Software
Antivirus and antispyware software with built-in security applications can help protect every computer at your business, even those that are used away from the office. There are a large number of antivirus and antispyware software packages available, and most of them offer automatic update features that you can set to run whenever you want. You might want to update your software at night so that nothing interferes with you and your employees’ daily tasks.

Make Sure Your Website is Secure
The industry standard for securing websites is the Hypertext Transport Protocol Secure setting (HTTPS). When filling out forms and/or making purchases online, the web page(s) that are being used switch from HTTP to HTTPS. The HTTPS setting provides users with maximum security; it encrypts their personal and financial information and ensures that it will be transported through the Internet safely. Online certification authorities such as Symantec, Verisign and GlobalSign issue HTTPS certifications to companies of all sizes, and in all industries. In order to receive a digital certificate, your website needs to meet stringent requirements set forth by the certification authority. Finally, adding an online certification logo to your website lets people know that it is a trusted place to interact and conduct business.

Regularly Backup Your Data and Your Website
Prevention is the best medicine when it comes to preventing lost website data and content. Periodic website backups ensure that you will always have access to your web content should an unexpected problem occur. Your web hosting company maintains a complete copy of your website on a server network, but check to see if they offer managed backup services.

Consider a Move to the Cloud
You can give your website extra layers of protection by backing it up on your own secure servers and to a cloud-based server. Cloud storage will enable you to do a full website restoration quickly if your office and server gets damaged by a fire, flood, earthquake or other natural disaster. Backing up your website is a relatively simple task that can be managed by your IT professional.

Have a Post-Hack and Post-Breach Plan
If your website and/or network ever get hacked, or if your company suffers an internal breach, you need to move swiftly to get the problem resolved. After you have an IT professional get your website and network restored, have them update your website software, plugins, extensions and other related tools, and run a complete backup of your website. Next, change your password for all important access points (e.g., FTP, SSH, and cPanel), along with your database and administrator accounts. You should also have an IT expert run a virus scan on every computer, laptop and tablet in your office. Lastly, it is also a good idea to have your employees change all of their computer login passwords and email passwords.

Inform Your Customers
If your website is hacked and knocked offline, your customers will become frustrated. Plus, potential customers who find your site via organic search, referral traffic, or social networks will probably not come back if they see an error message or a blank screen. If your website will be offline for a considerable amount of time, be proactive and protect your brand. Have an IT professional place a temporary landing page on your website that tells users when you anticipate being back online, and that you are extremely sorry for the inconvenience. You can also post this message on the various social networks that your company or equipment dealer business uses.
 
If your website is well-designed and user-friendly but isn’t safe and secure, your online relationships will be jeopardized. Invest in the tools, hardware and software that can protect your website and network infrastructure from hackers, viruses, and other malicious activities. 

---

Matt Edenhofer, IT Manager, Balboa Capital