“How in the world could this have happened?”
This was a common refrain on newscasts, on the radio, and in print in the days and weeks following the Equifax hack.
More than 147.7 million Americans had their private data stolen from what was thought to be one of the most secure servers in the country.
Hackers were able to get their hands on the addresses, birth dates, and Social Security numbers of almost 50 percent of the US population.
With this information, hackers could assume the identity of their victims.
There have been a number of high profile data breaches since the Equifax hack. However, none have touched a nerve like this one.
Common people and politicians feel a deep sense of frustration and betrayal, especially since as of the time of this writing Equifax has not faced legal repercussions.
If anything good has come out of the Equifax data breach, it is that it emphasized the need for cyber security, whether you are a large, small or medium enterprise.
Keep reading for a collection of easy do-it-yourself fixes for SMEs when it comes to web security.
- Limit Physical Access – Believe it or not, the most popular method for cyber attacks is by physically accessing the computers that are being attacked. In some cases, the computers were stolen from the victim’s work area. In other instances, employees took their work laptops or mobile devices home and had them stolen from their vehicle or left them at a restaurant or other public place.
The same thing can happen with flash drives and memory cards. In addition to controlling who has access to data storage devices, businesses should limit access by fully encrypting laptops, flash drives, memory cards, and other devices that store sensitive information.
Even if the devices were to fall into the wrong hands, encryption would prevent the criminal from gaining access to the information.
- Multi-Factor Authentication – Multi-factor authentication has been adopted by many large tech companies because of its effectiveness. If it is properly implemented, MFA will not only prevent unauthorized individuals from gaining access to your information, but it also provides a level of protection if your passwords or credentials are stolen.
MFA relies on the individual attempting to access the information having at least two of the three required factors.
Those are possession, knowledge, and inherence. Knowledge could be simply having the password, security question, or PIN.
Possession means having ID cards, access tokens, or a numerical code to grant access.
Inherent factors would include biometric measurements, such as fingerprints or ocular scans.
- Employee Training – Employees at small to medium enterprises are the first line of defense against cyber attacks. Hackers pride themselves on their ability to create socially engineered intrusions, a tactic that relies on employee trust and gullibility as well as ignorance about this type of cyber threat.
Training should include strong password policies and tips to identify phishing scams, including misspelled email addresses, poorly written email copy, and unexpected attachments.
Spear phishing is a pinpointed attack directed toward a particular individual using knowledge that the hacker has obtained about the individual.
They may use this knowledge to ask for login credentials or for sensitive information while pretending to be someone the victim should trust.
- Safeguard Wi-Fi – Your company’s Wi-Fi network could be an entry point for cyber criminals. Ensure that your business uses a firewall. All of the data that travels through your network should be encrypted.
Your router should be password-protected and accessible only by employees.
Hide your network so that your router does not broadcast your network name.
If having a public Wi-Fi option is part of your business, set that up so that it is separate from the network that has sensitive business data.
- Regularly Back Up Your Data – The goal is to prevent cyber attacks. But if business giants like Equifax, Verizon, and others can be breached, it’s likely that your business could be as well, regardless of precautions. Back up databases, human resource files, spreadsheets, accounts receivable and payable files, Word documents, and any information that is essential for the function of your business.
That way, if your company is attacked by ransomware, your business is not held hostage but is able to continue functioning.
It is recommended that you back up to the cloud and that you check your backup regularly to ensure that it is functioning properly.
We recommend using virtual private servers as they are significantly more secure than standard shared hosting.
It’s true that a VPS will be slightly more expensive than shared host packages, but the added flexibility and security make them more than worth it.
- Strategy for Mobile Devices – Most small to medium enterprises allow employees to bring their own devices to work. This includes things like smartwatches and fitness trackers, which can connect to the web.
Implement and document a plan that addresses the unique cyber security challenges mobile devices create.
Require your employees to use automatic security updates on all of these.
- Disable Admin Rights – Admin rights are a major risk for SMEs. This is because when a user has admin rights, they can do things that might put the machine they are on or the business’s network in peril, such as installing non-approved software or disabling security settings.
Recent versions of Windows have limited admin rights to users who have an account created for that purpose.
The Bottom Line on website security
Small to medium enterprises may view themselves as being too small to be targeted by cyber criminals. This view goes against what the data shows.
According to a report filed by the Federation of Small Businesses, two thirds of small firms in the UK were attacked by hackers between 2014 and 2016.
The danger that cyber breaches pose to small and medium enterprises is greater than what they pose to large enterprises.
Equifax is still in business. They received little if any legal repercussions, and they have the resources to pay PR firms to rebuild their reputation.
Small to medium enterprises usually do not have these resources.
In fact, many small to medium enterprises that are victims of cyber breaches end up closing their doors within one year.
Don’t allow your business to be victimized. Take cyber security seriously and protect your business.
Has your small to medium enterprise employed some of the above-mentioned strategies?
Are there other strategies that you have found to be beneficial? If so, tell us about them in the comment section below.