Cyber security guide for the entrepreneur

It isn’t easy to live and work today without confronting the concept of cyber security. We’re constantly bombarded with stories about the insecurity of our personal and professional information from identity theft to virus-infected attachments to massive data breaches. Yet it’s becoming almost impossible to engage in the world without exposing ourselves to these kinds of risks.

Entrepreneurs and business owners may be especially concerned about their security approach, as it’s not just their livelihoods they need to worry about. The security of their employees, their customers’ privacy, and the reputation of their company could be at stake.

What is cyber security?

Cyber security, also known as information technology security, refers to the technologies and practices created to protect computers, networks, programs and data from unauthorized access, theft or malicious attacks. The attacks usually aim to destroy data and systems, extort money or commit other cybercrimes, such as fraud.

Should entrepreneurs and small businesses be concerned?

Yes. Cyber attacks happen every day to every kind of business and individual, but they can happen thousands of times per day to a single computer. According to a recent international survey, 61 percent of companies experienced a cyber attack incident in 2019, up from 45 percent in 2018.

Plus, while many of us might assume hackers go after larger businesses with more resources, small businesses make up a considerable percentage of attacks. According to a 2019 Verizon report, 43 percent of all data breaches target small businesses. Analysts theorize that this is because smaller organizations don’t always have the kind of security infrastructure that larger ones do. In other words, small business cyber security is just as important as that of large corporations.

Data breaches and other cyber attacks can cost businesses a lot of time, energy and money. Some analyses put the cost of a data breach in the millions. A breach could also potentially cost you your reputation and customer trust, especially if your company deals with consumer data.

A few of the most common cyber attacks

Malware

Malware is the umbrella term for malicious software that can enter a computer or network and block access to data or programs, damage files or steal information. Exposure can often happen when a user clicks on a link or opens an attachment.

Ransomware  

Think of ransomware as a specific kind of malware used to extort money from victims. An attacker will, for example, infect a system, encrypt the data and hold it hostage until the victim pays a ransom of some kind. This practice is one of the fastest-growing types of cybercrime; some researchers expect a ransomware attack every 11 seconds by 2021.

Phishing

This type of attack arrives, often by email, disguised as a reputable source. The aim is usually to steal personal data or install malware. This attack is also becoming more common.

Man-in-the-middle attack

In this form of attack, hackers interfere with a transaction or communication of some kind, stealing information as it travels from one place to another. Hijacking your sensitive information often happens through an unsecured public WiFi connection.

DDoS attack

A DDoS (Distributed Denial of Service) attack is a powerful threat against websites, networks and online services that can happen when a hacker floods a system with fake internet traffic and thus overwhelms and shuts it down. DDoS attacks come in many forms but ultimately prevent legitimate traffic from accessing the system, resulting in potential financial losses and other business issues.

SQL injection attack

SQL (Structured Query Language) is a programming language associated with database management. During a SQL injection, the attacker inserts malicious code into the server that uses SQL in order to reveal sensitive information, such as private customer data.

Technologies used to combat these threats

Anti-malware software

Luckily, there are many kinds of software designed to scan files, identify the malicious ones and then delete them. These programs can also actively work to preempt future attacks by providing high-level insights and ways to train users in security best practices.

External and internal firewalls

A firewall is like a gate that protects your computer or network from malware or unauthorized users. In a business setting, installing firewalls between your company network and the open internet is imperative. A firewall between segments of your network will also provide additional layers of security.

Web application firewalls

These firewalls protect websites and online applications from attacks such as SQL injections and DDoS attacks. They filter and monitor internet traffic and usually serve as part of a range of online security tools.

Cloud-specific cyber security approaches

As more and more businesses operate using cloud-based services and applications, not just internal company networks and servers, this is becoming critical.

A Cloud Access Security Broker (CASB) is a tool that stands between the cloud user and the cloud provider to close critical security gaps. It provides visibility for IT staff into users, applications and more to protect against threats, among other vital functions.

A Zero Trust model is an approach to security that assumes that no request is safe, even if it comes from inside a corporate firewall. Now that so much data lives online and many employees work from any device, anywhere, it’s more important than ever to seek out security solutions with a Zero Trust approach.

Cyber security best practices for entrepreneurs

Safe password practices

One of the most common reasons for a successful cyber attack is weak or stolen passwords. Make sure those credentials are strong, unique for every application and not the only barrier to access. In fact, passwords are so easily compromised that some argue organizations should do away with passwords entirely.

Use multifactor authentication

Whether or not passwords are involved, multifactor authentication practices are critical. An extra layer of security goes an incredibly long way. Accounts are 99.9 percent less likely to be compromised with multifactor authentication, according to Microsoft research.

Access management

Using Zero Trust principles also means employing the security concept of “least privilege.” It is safer to limit employee access to only the company data and systems they need to do their jobs. This strategy helps minimize the damage caused by compromised accounts.

Employee education

Research suggests that user error is still the leading cause of security breaches. Among other things, no one should open unknown attachments, click on strange URLs, leave personal devices unlocked in public spaces and, of course, use easy-to-guess passwords.

Data backup

At the end of the day, preventing the loss of critical data requires a range of approaches. Be sure to back up sensitive data in multiple places to ensure that even if you are a victim of an attack, all the information isn’t lost.

Choosing the right security software

There are many different kinds of tools out there. Overall, though, essential features of a comprehensive solution include anti-malware tools, firewalls, coverage for web applications and cloud services, multifactor authentication tools and a Zero Trust approach.

Above all, it’s imperative to realize that no business, big or small, new or old, is safe from cyber attacks. As the landscape expands to include web-based applications and tools, on any device (IoT), from any location, cyber security practices and technology solutions are required. All in all, you want to be ready now and into the future.