Millions of people have been the victims of cyberattacks and unfortunately that number is only going to rise as more people gain internet access. According to CSOonline.com, humans have surpassed machines as the top target for cyber criminals. It is predicted that 6 billion people will have internet access by 2022, and hackers see the potential to do more damage with people than with Silicon Valley. In fact, cybercrime damage is expected to hit $6 trillion annually by 2021 — a 100% increase from October 2016.
While individuals are targets, businesses are clearly not immune from cyberattacks. According to the “2016 State of Cybersecurity in Small and Medium-Sized Businesses” report, of 598 businesses surveyed last year, 50% said they were affected by a data breach and 55% said they experienced a cyberattack.
Unfortunately, not all hacks are 100% preventable. However, there are several precautions and preparations businesses and individuals can take to keep their information more secure. The following steps and tips will help both consumers and businesses practice smart online safety.
INDIVIDUAL ONLINE SAFETY
Step One: Accept the fact that your personal information is out there
Yes, it’s true. Even though you may not be a victim, it is more than likely your personal information has been compromised through recent and massive cyberattacks at Yahoo!, Home Depot, and Equifax, which affected more than 145 million Americans. Your information is out there when you request a credit report, apply for a federal government job, sign in to social media accounts, use email, and more.
Step Two: Small changes can make a big difference in security
The old adage “an ounce of prevention is worth a pound of cure” holds true when it comes to improving your online safety. You likely have seen these tips before — but they bear repeating.
Use strong passwords: Scruffy may be a great dog, but his name makes for a horrible password! Avoid phone numbers, maiden names, children’s birthdates — all of that information is readily available for even the laziest of cyber hackers.
Change your passwords regularly: Consider setting a reminder on your calendar to change passwords to your most sensitive accounts.
Set up a “trash” account: Tired of dealing with junk email? That junk email could be a phishing scheme designed to get into your system. Set up at least two email accounts: one for your personal and private emails that you only share with close friends and family, and a second one for any online business or shopping you may do (this one is your trash account). If your trash account is compromised, you can dump it and set up a new one.
Use a top-rated email service: They will have firewalls to protect you from bad emails or dangerous links.
Step Three: Act like you’ve been hacked
It may be hard to accept that your personal information is out there, but once you do, you’ll begin to take steps to monitor and manage your online behavior.
Freeze your credit. This provides greater protection of your personal and financial information. A freeze aims to block anyone from opening new accounts in your name if they successfully hack you. You can unfreeze and re-freeze anytime, and it will drastically reduce fraud.
Monitor your accounts. Think of it like an insurance policy where you pay a monthly premium to cover you if you get sick. Monitoring companies look for threats, alert you to suspicious behavior, help to restore your identity if it’s stolen and better yet, even reimburse any stolen funds based on the plan you select.
Keep your software clean and patched. Did you know a cut will actually heal faster if it’s covered? Well, your computer is the same. Public computers are more vulnerable to attacks, so limit your use of public computers or unsecured Wi-Fi. On your home computer, use virus protection to scan for malware, apply software updates when they become available, and don’t click on links from unsolicited emails.
Consumers who follow these simple steps are less likely to become victims of cybercrime. Visit https://www.dhs.gov/topic/cybersecurity for more information.
KEEPING YOUR COMPANY SAFE
According to the “2016 State of SMB Cybersecurity” report, 28 million small businesses in the U.S. have been breached by hackers — that’s 50%. Why so high? Small businesses are focused on daily operations and they often don’t have the proper protections in place due to lower budgets and lack of in-house expertise. In fact, 59% have no visibility into employee password practices and hygiene and 65% don’t strictly enforce a password policy, and that’s just the tip of the iceberg.
The most prevalent small business attacks are web-based and phishing attacks, but not patching software — as we saw in the case of a large business like Equifax — can lead to breaches as well.
According to Mat Mathews, senior product manager at QTS, “While many S&MEs initially discounted security risks as only a problem for big companies, recent destructive ransomware and cyberattacks, like WannaCry, have many S&MEs recognizing that employing an up-to-date security strategy should be a top priority. And with any security strategy, it’s important to consider both the policies and practices needed to mitigate these risks in addition to establishing response procedures after a security event. Remember, it’s not necessarily a matter of if you will get attacked, rather, knowing what you will do when you get attacked.”
Attacks can cost small businesses a great deal of money. A recent survey of S&ME IT security practitioners found that breached companies spent an average of $880,000 due to damage or theft of IT assets, and disruption to normal operations cost an average of $955,000.
Below are a few tips to consider to increase protections:
Step 1: Move important information to the cloud, including the content most SMBs are concerned about: customer records, intellectual property, customer credit and debit information, financial information, and employee records.
Step 2: Install firewalls, anti-virus software, and patch systems. Keeping software up to date on servers and individual computers gives companies added protection.
Step 3: Consider outsourcing security to an expert. If building in-house cybersecurity is too expensive, consider moving to a managed security services provider (MSSP). MSSPs are companies that provide managed security services remotely vs. onsite, but do your homework. Some simply monitor, but don’t install, implement or execute updates and patches (as in the case of Equifax’s MSSP). Be sure you know what you’re getting.
The research firm MarketsandMarkets forecasts the overall market size for security services to double from just over $17 billion in 2016 to about $34 billion in 2021. The decision to choose an MSSP should not be seen as “farming out” security, but rather as an approach that ensures the SMB will have a committed partnership with security professionals whose priority is the security of the company and its customers’ information.