Call it irony or coincidence, but October, the month in which we celebrate mischief and pranks, also is designated to remind companies that cyber criminals continue their bad tricks. October is annual National Cyber Security Awareness Month (NCSAM), a collaborative effort between government and industry to ensure that companies and individuals protect their information and themselves online. It’s a reminder for small businesses if they don’t have a cyber attack response plan, they should work on one.
Results just released from Nationwide’s second annual Small Business Indicator, which included 502 small businesses with less than 300 employees, indicate that 78% of participants still don’t have a cyber attack response plan, although 54% experienced at least one type of attack. Among the companies that did experience an attack, 60% said that it took longer than a month to recover. Yet despite the potential disruption to business and the loss of sensitive company and customer information, 45% of those without a plan in place don’t feel their company will be affected by an attack
Computer viruses at 37% topped the list of types of attacks followed by phishing at 20%. Respondents also experienced:
- 15% trojan horses
- 11% hacking
- 7% unauthorized access to customer and to company information
- 6% data breach or issues due to unpatched software
- 4% ransomware, in where a criminal blocked a site until money was paid.
Remote and mobile workers up the security ante
As more and more workers work remotely, with estimates that as many as half may be doing so by 2020, according to a survey of leaders at a Global Leadership Summit, the cyber security risk goes up. Managing remote devices can be a challenging problem and Bring Your Own Device (BYOD) raises the stakes. With BYOD more personal devices are accessing the corporate network, which results in more network entry points for nefarious individuals and organizations. And there is the risk of data getting in the wrong hands if devices used outside the office are lost or stolen.
Remote workers accessing company networks over public WiFi also pose a serious risk, since these networks are not secure, making it easy for cyber criminals to intercept connections and inject malware. Hackers even spoof public WiFi networks, creating access points with names that are similar to legitimate connections. As a result, a remote employee may unknowingly log onto the wrong site, enabling hackers to access sensitive information, such as a password, as it’s sent.
Enhance remote workers security
Cyber security policies should start by requiring employees:
- Avoid the use of public access WiFi for any business critical information activities. The prohibition also goes for public computers, such as those available in airport or hotel business suites.
- Create strong passwords with multi-characters and change them at regular intervals.
- Make sure data protection software is up to date on all devices used for business. Software includes antivirus, firewall, encryption and web filtering.
- Ensure mobile devices are with them at all times. Never leave them in cars or even in hotels room if there is any concern about someone unauthorized getting into the room.
Take additional security measures
Use VPN: You can easily protect your data from unsecured Internet connectivity with remote Virtual Private Network (VPN) access for mobile users. A VPN enables a remote computer to securely access your company network by encrypting data when it’s being sent and unencrypting it at the receiving end. So even if a hacker were able to access some of your data, it would be encrypted. VPNs also can help protect your network from viruses better than firewalls, which often compromise data access.
Mobile Device Management Software (MDM): MDM Software enables you to grant or deny access to company data and automate the distribution and/or updates of apps and security tools. If a device has been stolen or lost or belongs to an employee who has left the company, you can use MDM software to wipe data off a mobile device.
Headsets: Also keep in mind, company information can be compromised by someone overhearing a conversation. Headsets that cancel out background noise make it easier to hear and be heard without raising your voice. Encourage employees to wear noise-canceling headsets when they are conducting calls that involve sensitive company and customer information, in and out of the office.
Make sure October – and every month for that matter – is a treat and not a trick at your small business by taking the right cyber security steps