At the end of September, news broke that the Internet giant Yahoo had been hacked in 2014, and that some 200 million users had their data breached. Comments from the FBI and intelligence officials in the United States indicate that the hack may have been sponsored by another state. Specifically, they have said that the hack bears similarities to other breaches which have been traced to Russian sources.
Yahoo became aware of the attack when reports emerged on hacker sites that someone was selling the data of several hundred million Yahoo users. The company then discovered the source of the breach. Unlike many other attacks, this one does not seem to have targeted credit card or bank information. Instead, the leaked data involved names, addresses, phone numbers, and dates of birth.
Given that Yahoo is one of the bigger companies on the planet, it might seem like their hack confirms that there’s nothing to be done about breaches at smaller companies. This, however, could not be further from the truth. Because smaller businesses often don’t protect their information as well as larger businesses, they are frequently targeted by casual hackers. These five simple things can be done today to improve information security at small companies.
Don’t store information you don’t need
This might be the single most important point for your business. If you don’t actively need the information you’re keeping, don’t keep it. The less information that can be accessed through your business, the less of a target you will be for hackers.
Some information is necessary, obviously. You might need to keep information on your client’s business address and order history, for example. But do you really need their date of birth? Their address history? Even keeping their credit card information on file can be risky, and the risk can easily outweigh the convenience to the consumer. If it isn’t necessary for running your business, get rid of it. You’ll have less data to store, and be a less tempting target.
Change passwords when someone leaves the company
This is a simple task, and one that is often overlooked. As soon as an individual leaves an organization, their access to all computer systems should be revoked, and their accounts should be deleted or deactivated. Most businesses agree that this is important, but few have a practice in place to make sure it happens, especially if their IT head is the one who leaves.
Some companies create a simple exit checklist that each department completes, ensuring that all necessary steps are taken as quickly as possible.
Keep virus and malware protection up to date
How many times have you closed the notifications from your antivirus software, delaying your update until tomorrow? Do your work machines have robust virus protection installed in the first place? Viruses and malware are the number one way that hackers gain access to computer systems, so keeping these digital parasites from installing themselves into your systems is the easiest way to protect your business. When you combine up-to-date protection with a strong firewall, most casual hackers will see you as not worth the effort, and go on to an easier target.
Educate your employees
You tell your employees not to click on malicious links, but do you tell them what a malicious link looks like? Do they have easy best practices for what to do if their computer suddenly starts to operate very slowly or their web browser is behaving in unexpected ways? Do they know that if they do something wrong, they should report it, or will they be afraid of getting in trouble?
To protect your business, get your employees on your side. Show them what phishing emails and malicious links look like. Teach them to call across the office and ask “Did you mean to send this to me?” before clicking on an attachment they’re not sure about. Reassure them that if something’s wrong, you want it reported immediately, and that the consequences aren’t going to be severe for them. Protecting your business is more important than raking someone over the coals for an honest mistake.
Back up like your business depends on it
Because it probably does. Have both offsite and onsite backups, so that you are prepared for any significant emergency. One common tactic now for hackers is to lock a system up in such a way that it is inaccessible, and then demand a ransom before unlocking it. Prevent this by having the ability to restore and reinstall your information.
If your small business gets hacked, it might not make the national news, but it does have the potential to destroy your company’s reputation. Prevent hacks whenever possible, and handle the consequences quickly if one happens. Let your customers know, consider offering a year of identity management as an apology, and fix the issue that led to the hack.