If you do any business online, you need to be aware of your cyber risks. Just like a physical business will put up cameras, hire security guards, and put up fences, you need to take action to protect your digital assets. It’s a scary world out there, and there is a legitimate threat from bad actors who spend their days targeting businesses and trying to find vulnerabilities to exploit. Because of all of this, and much more, we all need to be a little more aware of what cyber security is and of our role in promoting good practices. Regardless of whether you own a business or not, if you use the internet, shop online, go to school online, or do anything online, you should be paying more attention to your digital habits. In this episode, we are going to start peeling back the layers of cyber security. When practicing safe cyber and information security, there are three main things we want to take into consideration: prevention, detection, and recovery. In other words, we want to be proactive and do whatever we can to prevent something bad from happening. If something were to occur, we want to be able to act quickly. Finally, in the unfortunate event that something bad does happen, we want to have a plan to get back to our baseline. Let’s explore each of these topics in today’s episode.
While it is not always easy, you want to prevent bad things from happening. Looking back at our first post, you want to protect your data and resources. Unfortunately, a lot of businesses believe that they can get away with minimal effort here. As seen in the news countless times, the number of companies that get hacked is overwhelming. In many cases, improved prevention could have created a different outcome. And it’s not just businesses either: your personal information and any company information that you have access to should all be protected. I’ve heard that it’s too expensive to invest in good prevention, so some folks get by with the bare minimum. This is a silly idea because it’s always more expensive to fix something later than it is to fix it before a crisis happens. If you have any digital information or resources, protecting them and preventing cyber attacks from happening to you should be your number one priority. Don’t skip this step. The same way you put up cameras and alarms to protect yourself, you should be taking the appropriate steps to prevent cyber attacks from happening to you. We’ll go over specific details on how to prevent attacks in future posts. For now, we are laying the foundation of cybersecurity, but rest assured, we’ll get into specific actions you can take.
Assuming you did everything you could to prevent a cyber attack from happening, the next step is to be able to detect it. Cybersecurity is a constant, evolving game. A policy you set up at the beginning of the year might be obsolete by summer. The tactics and strategies that hackers use are constantly changing. Your security policies have to change along with them; otherwise, when an attack is successful, you’ll be crippled. If someone is successful in attacking you, you need to be able to detect the attack quickly.
If you did everything you possibly could to prevent and detect an attack, then comes dealing with the aftermath. After an intrusion, or even a natural disaster, the road to recovery can be a long one depending on how much you prepared for this moment. Right now, while everything is calm, you should be taking action to document everything about your systems, resources, and data. You need to create a baseline that accurately tells you what “normal” looks like. If you have this, when someone attacks you, it’s easier to detect anomalies because you have something to compare against. If your systems get taken down and you need to rebuild, you know how to restore a system because you have all the configurations, software, and details documented. If you don’t have all of this handy when an intrusion, attack, or disaster strikes, recovery becomes much harder. You miss things and some things get forgotten. Take some time and do what you can to protect your assets. You need to have a solid strategy and recovery plan to come back online if something bad happens. Every day that your business is down is a day without revenue. Not only will this hurt your wallet, but you risk losing the trust of your customers in the process. Have a recovery plan!
News Roundup and Discussion
While you cannot prevent every cyber attack, you should try to do as much as you can. Ransomware, an attack that is becoming increasingly popular, takes advantage of companies that fail to prevent, detect, and recover appropriately. Ransomware attacks can be easily mitigated if you have a great backup policy. Ransomware attacks will typically encrypt your hard drive along with all your data and demand a ransom to unlock it. Even if you pay the ransom, you are not guaranteed that you’ll get your data back. If you have a great recovery plan, you should be able to get back online quickly with minimal downtime. But, unfortunately, many do not prepare, and when disaster does strike, they are left dead in the water. Hospitals are a common target for ransomware attacks, but just about any business can fall victim to this attack. If you are not preventing or detecting attacks, you should at the very least have a good recovery plan. Things will go wrong at some point; it’s only a matter of time.
Actions for Small Business Owners
Cybersecurity can be expensive. You should be investing money into protecting your assets and data. With almost every business going digital, not practicing these basic cybersecurity principles could have serious consequences for your business should you ever become a victim of an attack. The biggest action is to start investing in good cybersecurity practices. At the very least, make sure you have a backup of your stuff. If you do not have a backup and your data gets lost, you will have to rebuild everything from scratch. This is something that could potentially put any business out of business.
Actions for Everyday Users of the Internet
Attackers aren’t just attacking businesses; your personal computers can be in danger as well. Know which computers are supposed to be on your network. Be mindful of things you download from the internet, and always have a backup of your data.
It is a smart idea to try to stay ahead of an attacker whenever possible. Every day, there is a new attack. If you have any valuable digital information, you should be doing everything you possibly can to protect it. Do not wait for an attack to happen before you take action. An attack is inevitable. Even if you do not get attacked, computer systems fail every once in a while. As a business owner, your data is your business. If you lose that data, you could risk losing your business as well. Don’t put this off. Start today and start implementing basic cybersecurity practices in your life.