Published on December 29th, 2017 | by Manish Gehlot


What are some of the most common mistakes small business owners make regarding cyber security?

The landscape of information security is no longer a teenage hacker sitting in a dark basement. Nation states and organized crime hire highly trained, competent hackers to look for unprotected machines and infrastructure worldwide. Information is valuable. A complete set of personal information sells for $75 to $500 per individual. Hundreds of thousands of these transactions occur every year, equating to big business for cybercriminals. Even if your organization is not a target for data theft, hackers will hijack technology resources such as processors, storage, RAM, and bandwidth, to perpetuate attacks against other targets, dragging your IT resources to a crawl. Small business is not immune, and an effective defense involves a layered approach. Common mistakes include:

  • Believing a firewall and anti-virus are enough.
  • Neglecting updates on equipment and software. Patching mitigates a tremendous amount of risk and should include all end-user operating systems, server operating systems, manufacturer firmware for all networking equipment and monetary transaction equipment.
  • Password management. Do not leave default passwords in place. Do not use the same password for everything. Change passwords at least twice per year. Create strong passwords with at least eight characters, including upper- and lower-case letters, numbers, and special symbols. Do not use dictionary words. A tip for creating and remembering strong passwords is to use the first letter of each word in a favorite saying, quote, song lyric, or verse and add numbers or symbols.
  • Connecting IoT devices to the same network as computers and mobile devices. Smart devices (also known as IoT, or Internet of Things, devices) are experiencing huge growth. These devices are always connected to the internet and often have very little security. A hacked IoT device can easily become a jumping-off point for the hacker to access the rest of your network. Do not put IoT devices on the same network as your computers and other systems that contain critical business information.
  • Lack of awareness. Annual information security training for small business owners and employees can help mitigate the risks associated with social engineering attacks. An example of a social engineering attack is someone who calls and poses as a manufacturer representative or system user asking for passwords.
  • Having the same people do IT and security. An information security professional outside the organization is more likely to provide objective, unbiased recommendations. One of the worst mistakes an organization can make is to add security to an information technology professional’s to-do list. An instant conflict of interest arises.
  • Neglecting to hire someone to perform an annual penetration test. An annual penetration test by a Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP) details vulnerabilities. Annual tests can help a business save money in the long run by allowing a business to leverage the information to prioritize purchases and action items for security.
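The password rules from the list above, written as a check that could run whenever a password is set. This is an added example, not part of the original article; the default-password list, the dictionary, the 183-day threshold and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re
from datetime import date, timedelta

# Constructed sample data (assumptions, not taken from the article).
VENDOR_DEFAULTS = {"admin", "password", "changeme", "1234"}
DICTIONARY = {"password", "welcome", "dragon", "summer", "monkey"}
MAX_AGE = timedelta(days=183)  # "change passwords at least twice per year"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def store(password: str) -> tuple[bytes, bytes]:
    """Keep only a salted hash, so reuse can be checked without plaintext."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)

def violations(candidate, other_accounts=(), last_changed=None, today=None):
    """Return the list of rules from the article that `candidate` breaks."""
    found = []
    if candidate.lower() in VENDOR_DEFAULTS:
        found.append("default password")
    if len(candidate) < 8:
        found.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        found.append("missing a character class")
    # Look at alphabetic runs so "Summer2017!" is still caught as a word.
    words = re.findall(r"[a-z]{4,}", candidate.lower())
    if any(w in DICTIONARY for w in words):
        found.append("contains a dictionary word")
    if any(hmac.compare_digest(_hash(candidate, s), h) for s, h in other_accounts):
        found.append("reused on another account")
    if last_changed and (today or date.today()) - last_changed > MAX_AGE:
        found.append("older than six months")
    return found

def from_phrase(phrase: str, suffix: str) -> str:
    """The article's tip: first letter of each word, plus numbers or symbols."""
    return "".join(w[0] for w in phrase.split()) + suffix
```
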

How do I keep viruses and hackers out?

Keep software and equipment updated, implement security awareness training for all employees, and have strong password policies. Hire a qualified information security professional to objectively assess the network, develop a security plan, and conduct annual penetration tests.

How can you protect yourself against ransomware attacks?

In a ransomware attack, hackers gain access to your computers, encrypt critical business data (in reality they encrypt all the data they find on an infected computer, hoping some of this data is critical to your business) and demand a payment for decrypting your data. Follow these guidelines to help protect yourself.

  • Use a backup service that continually backs up your files when they are changed, yet keeps track of the previous versions of all files.
  • Pay attention to how long it would take to recover your data from a backup if you needed to. It is not enough to have a backup. You need to be able to get your data back quickly enough to resume your business operation.
  • Maintain a high level of cyber security. Update software and firmware, use a strong password management policy, educate your staff, and perform annual penetration testing.

What are Denial of Service attacks, and how can small business owners protect against this type of attack?

A distributed denial of service (DDoS) attack is a malware attack directed at an online service, which aims to overwhelm it with traffic from multiple sources and make it unavailable. These attacks are increasing in number and size.

In September 2016 OVH, a French hosting provider, was attacked by hacked IoT devices using malicious code called Mirai. It was the first 1 Tbps attack in history. The problem lay in IoT data security, which most companies push aside when creating their devices. Who could ever think that a smart thermostat could be used to attack websites or even huge hosting companies?

If you are responsible for cybersecurity in your company, you should know how botnets such as Mirai work. Here are a few tips on how to strengthen your network against DDoS attacks:

  • You should have extra hardware to switch to in case of attack.
  • Install an automatic DDoS reduction system that will split all traffic and filter all requests from bots and compromised devices.
  • Keep the most important data on premises. Storing everything in the Cloud could lead to losing access to your data during DDoS attacks. Imagine losing access to your data for days. For this reason many businessmen prefer to sync Android with an Outlook business account using cloudless syncing software like AkrutoSync.

What should small business owners know about being HIPAA compliant?

There are technical and nontechnical requirements for HIPAA. Read them carefully and hire a qualified information security professional for the technical part. Consider HIPAA a minimum requirement imposed by the federal government. By considering security an ongoing process, professionals automatically address compliance and account for changes within the regulatory framework.

What type of cyber security policies should business owners implement for their staff?

A business loses a critical layer of defense when skimping on policy. At a minimum, policy should include:

  • Annual security awareness training. Every employee is the first line of defense against social engineering attacks. Attackers will find the easiest way in and it may not be through the network.
  • A process to remove credentials for former employees. Disgruntled former employees are a threat to the organization.
  • Strong passwords.
  • Mandatory patching of all equipment and software.
  • Annual penetration testing which includes social engineering.
  • Secure handling of documents, especially anything with passwords or encryptions.

About the Author

I am a privacy, security, encryption and software freedom enthusiast. I am into VPNs, TLS security. Recently I also got into technical writings. I am working as a VPN support and consultant at some nordic VPN providers.
