Small Businesses and Cybersecurity

MAZUR_BLOG_Cybersecurity_2018

Cybersecurity breaches in the United States are the most expensive and the top cyber threats are as follows:

• Ransomware & similar deception tactics
– Cyber criminals use information illegally obtained to blackmail a victim, threatening to release the information if they are not paid a ransom.

• Social Engineering
– Phishing- Fabricated emails claiming to be from legitimate sources looking to obtain personal information from victims via email exchange or via a link in the email.
– Spear Phishing- Highly customized or personalized phishing emails attempting to gain immediate personal information to payment.
– Baiting- Malware placed within media and graphics on websites and other online platforms (Like clickbait)
– Tailgating- Predator physically follows a person into a restricted area and gains access to private information

• Password Attacks
– Cyber criminals have password cracking software readily available to them and use it to hack private passwords in order to gain access to personal accounts /devices and information stored within them

• Man in the Middle (MITM)
– Cyber criminals secretly intercept communication between two legitimate parties, sometimes impersonating the other party on both ends on the communication in order to gain information or alter communication between the two.

• Denial of Service (DoS)
– Cyber criminals overwhelm websites with high volumes of traffic or data in order to disrupt the availability of the website to legitimate users and handicap the network.

Cybersecurity is increasingly important to every business in this technological age. Below you will find some advice on how to keep your business safe from cybercriminals and attacks.

Train your employees to practice basic security measures when online. Require strong passwords and create a policy that outlines appropriate Internet use, including penalties for violating the cyber security policies and direction on how to handle and protect customer and company information and data online.

Ensure your electronic equipment is safe by using the latest security software, web browsers, and operating systems. This is the best defense against online threats like viruses and malware. Antivirus software is also necessary. It scans a computer or machine for viruses each time the system is updated.

Your internet connection should always be protected by a firewall (a set of programs that prevent someone outside of the company from accessing the data on your private network). If your operating system comes with a firewall, make sure it is enabled. If your operating system has no firewall to enable, there are sufficient firewall programs and software available for download online. If you have employees that work from home or on a personal device like a laptop or tablet, make sure that their system(s) are also using an up to date firewall software.

In your cybersecurity policy, include a clause for personal mobile devices. Require password protection, encryption of data, and installation of security apps to prevent cybercriminals from stealing information while the device, like a phone, is connected to a public network. Add in procedures for reporting lost or stolen devices with data on them as well.

To ensure that there is never a loss of information due to a breach in cyber security, make sure all important data and information is backed up and or copied from all business devices. This includes word processing documents, spreadsheets, databases, financial files, human resources files and accounts payable and receivable. If an automatic backup setting is available, that is the best option to choose. If not, make sure you back up your data once a week at least and store the copies either offsite or in the cloud.

Limiting physical access to devices with sensitive information is another way to prevent cybersecurity breeches. Do not allow nonemployees to use computers or other devices in your office space. Make sure all personal devices like laptops and phones are locked when left unattended. Each employee should have their own unique username and strong password to log into the company server. And only one trusted employee or IT staff member along with key personnel should be given administrative access on your network.

Your Wi-Fi, if you have it, should be secure, encrypted, and hidden. There should be a password required to use your companies Wi-Fi server and set up your router so that it does not broadcast the network name or the Service Set Identifier (SSID).

Secure your payment and credit card information by working with your banks and processors Make sure that the best tools and anti-fraud services are being used. Payment tracing systems should be kept separate from other systems. For example, do not use the same computer to process credit card payments and to browse the web for leisure or for things unrelated to processing payments.

To limit access to data and information is to limit the abilities of cybercriminals. Employees should only have access to the data systems they need to do their jobs and should not be able to download any software without administrative permission.

Be aware of what is posted on social media platforms as well. Cybercriminals have developed ways to get public information about you personally or your business from social media domains and use it to create highly personalized phishing schemes that are hard to spot. Sometimes users are not even aware that what they are posting is publicly available.

Using your own email domain and maintaining control over it within the business is a helpful security measure. It is recommended not to use Yahoo, Google, Bing, and other public domains for business accounts.

Lastly, require employees to use unique passwords that are to be changed every three months or so. A multifactor authentication that requires additional information to access a computer may also be helpful in cybersecurity. Some vendors who handle sensitive data, such as financial institutions, offer multifactor authentication account options.

Securing your personal information and Company data is of utmost importance in today’s tech-driven business environment. At Mazur & Associates we have relationships with firms who are experts in this field. Please contact us for a referral to an IT specialist who can assist you or your Company.

Although the summertime is upon us, be reminded that we are already in the second half of 2018. It is not too early but instead, prudent to contact us now to take advantage of our tax planning expertise! Call us for an appointment today. We are available Monday through Friday, 8:30 AM to 5 PM, at (732) 936-1230. We at Mazur & Associates, CPAs are here to assist you and design an income tax-savings plan for the 2018 tax year!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s