Improving business cyber security

Businesses must protect their data and information systems. Every computer and mobile device is vulnerable to an attack. The consequences of such an attack can range from simple inconvenience to financial catastrophe. Depending on the particular industry, and the size and scope of the business, cybersecurity can be very complicated and may require specialized expertise. However, even the smallest business can be better prepared.

Start with the following simple steps, which are recommended by US-CERT, a partnership between the U.S. Department of Homeland Security (DHS) and the public and private sectors:

Use anti-virus software and keep it up-to-date.

• Activate the software's auto-update feature to ensure your software is always up-to-date.

Do not open e-mails from unknown sources.

• Be suspicious of unexpected e-mails that include attachments, whether they are from a known source or not.
• When in doubt, delete the file and the attachment, and then empty the computer's deleted file.

Use hard-to-guess passwords.

• Passwords are a good first layer of protection, but attackers can guess or intercept passwords. You can strengthen that first layer of protection by avoiding passwords based on personal information or words found in the dictionary; building passwords from combinations of numbers, special characters, and lowercase and capital letters; and not sharing your passwords with anyone else.
• Change passwords frequently.
• Do not give out your password to anyone.
• Additional security measures can protect you even if an attacker does obtain your password. Consider multifactor authentication to strengthen the security of the network.

Protect computers from internet intruders by using firewalls.

• There are two forms of firewalls: software firewalls that run on a personal computer and hardware firewalls that protect computer networks or groups of computers.
• Firewalls keep out unwanted or dangerous traffic, while allowing acceptable data to reach a computer.

Do not share access to computers with strangers.

• Check the computer operating system to see if it allows others to access the hard drive. Hard-drive access can open up a computer to infection.
• Unless you really need the ability to share files, your best bet is to do away with it.

Back up computer data.

• Many computer users have either already experienced the pain of losing valuable computer data or will at some point in the future. Back up data regularly and consider keeping one version of the data off site.

Regularly download security protection updates, known as patches.

• Patches are released by most major software companies to cover up security holes identified in their programs.
• Regularly download and install the patches, or check for automated patching features.

Check security on a regular basis.

• Evaluate computer security settings regularly. The programs and operating system on a computer have security settings that can be adjusted.
• Consider if tighter security, such as multiple-door locks or a high-tech access control system, is needed at the business.

Make sure employees know what to do to maintain current security on their equipment.

• Educate employees on how to update virus protection software, how to download security patches from software vendors, and how to create proper passwords.
• Designate a person to contact for more information if there is a problem.
• Keep employees informed of current security threats where applicable.

Monitor US-CERT current activity.

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT. Visit the page for up-to-date notices on alerts and vulnerabilities reported to them.

To learn more about Hanover Risk Solutions, visit hanoverrisksolutions.com