Your law firm is under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and Ukraine are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards and client information and to swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses.
Don’t think you’re in danger because you’re “small” and not a big target like J.P. Morgan or Home Depot? Think again. Eighty-two thousand new malware threats are released every single day and half of the cyber-attacks occurring are aimed at small businesses.
Cybercrime is at an all-time high and hackers are setting their sights on small and medium businesses that are “low hanging fruit.”
In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilize cloud computing and mobile devices and store more information online. You can’t read the news without learning about the latest online data breach, and government fines and regulatory audits are growing in number and severity.
Because of all of this, it’s critical that you have these seven security measures in place.
- Train employees on security best practices. The No. 1 vulnerability for business networks is the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking on a phishing email. If your employees don’t know how to spot infected emails or online scams, they could compromise your entire network.
- Create an Acceptable Use Policy (AUP) – and enforce it. An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and email. Don’t allow employees to store confidential and important firm information on unprotected cloud apps like Dropbox that are outside of your backup. Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place. Having this type of policy is particularly important if your employees are using their own personal devices to access company email and data.
- Require strong passwords and passcodes to lock mobile devices. Passwords should be at least eight characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode will go a long way toward preventing a stolen device from being compromised. This can be enforced by your network administrator so employees do not put your organization at risk.
- Keep your network up-to-date. New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore, it’s critical you patch and update your systems frequently. This can all be automated by your IT partner so you don’t have to worry about missing an important update.
- Have an excellent backup. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to have them returned. A good backup will also protect you against an employee accidentally deleting or overwriting files, water damage, hardware failures and a host of other data-erasing disasters. Your backups should be automated and monitored.
- Don’t allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users into willingly downloading malicious software by embedding it within downloadable files, games or other “innocent” looking apps. This can largely be prevented with a good firewall and employee training and monitoring.
- Don’t scrimp on a good firewall and content filtering software. Are your firewall and antivirus configured properly and up-to-date? A firewall acts as the frontline defense against hackers, blocking everything you haven’t specifically allowed to enter (or leave) your computer network. However, all firewalls need monitoring and maintenance, just like all devices on your network. Don’t allow your software subscriptions to lapse.
You’ve spent a lifetime working hard to get where you are. You earned every penny and every client. Why risk losing it all? Get the facts and be certain your business, your reputation and your data are protected.

Dave Kinsey