TECHNOLOGY • December 31, 2014
2 minutes Read
By Gene Marks
Small business influencer Gene Marks is a guest blogger for CAN Capital. He is a celebrated author, columnist and small business owner.
Last year, a client of mine was infected by CryptoLocker. Ever experience this? You don’t want to. It’s “ransomware.” An employee browsed an infected website which, when clicked, downloaded a file that immediately wormed its way through their network, found their server and “locked” all of their files, bringing everything to a standstill. The solution? Pay a $350 ransom to the culprits using a virtual currency (so they could avoid detection) and receive a “key” to unlock the files. After days of trying to reverse its effects, the owners just paid and moved on. The good news is that the makers of CryptoLocker were eventually found by law enforcement. But others will be back, rest assured.
The recent news about Sony’s data breach is only one more wake up call for small businesses. Sony is just one of many companies and organizations that were hacked this year from Target to eBay to the Department of Defense – they’re all listed here. These organizations employ armies of experienced IT people and have the resources to defend themselves, and yet they were still infiltrated. The lesson is that no matter how big you are, no matter how secure you think you are, your company’s security is never 100 percent assured. But there are steps you can take in your business to at least reduce your exposure to data breaches. Here are five things my smarter clients do to minimize their security risk.
Backup your data – in multiple places. Today’s backup options are many and inexpensive. You should have at least two backups of all of your data happening every day. Work with your IT person to determine a combination of the best for you – tapes, DVDs, another hard drive, a storage device, an online service. At least every week test your backup – make sure it’s working and the files can be restored. Don’t just assume it’s running. In a worst case scenario and in the event of a serious virus or malware, you can replace your server with a new machine and restore from backup. You always want to have this option.
Train your people. Although the employee at my client who stumbled on the CryptoLocker virus wasn’t at fault, many times viruses are downloaded at companies mostly due to the ignorance of the people working there. They click on a file or a popup inadvertently and boom – the hacking begins. Ask your IT firm to spend time with each of your employees to teach them what not to do when online, how to identify suspicious files and websites and other best practices for minimizing the risk of allowing a malevolent app to enter your system.
Have a monthly security check. Of course, have security software running on your devices and servers. But, as an added step, make sure your IT people come onsite every month to check that the versions are current and all updates have been downloaded by everyone. That means physically checking devices (or using a remote monitoring application to do so).
Go to the cloud. You may not like paying the monthly fees and you may think it’s less secure, but the reality is that the cloud is probably even more secure than your own system. That’s because cloud-based applications and services are maintained by firms and professionals whose entire business model is delivering this data in a secure manner to their customers. Like Sony, they can never offer 100 percent protection. But they likely have more resources and more qualified IT people working 24/7 than you do in-house; they’ve got the ability to protect and then, if necessary, identify and fix security issues faster and better than you can.
Finally, get insurance. Many insurance companies are now offering coverage for data breaches. Many also offer coverage for business interruption caused by catastrophic situations due to a system failure. If it’s your misfortune to be a victim, at the very least you should have coverage to protect yourself against any potential lawsuits or loss of business profits as a result.
Photo credit: MaximP/shutterstock.com