Ever-more-sophisticated computer hacking of business networks and Web sites will require more safeguards and constant vigilance.
Think cyber crooks aren’t interested in your business? Think again. It’s not only the biggest or best-known companies that get hacked by organized syndicates or smaller cybercrime actors looking to steal corporate secrets and customer data.
Every company is a potential victim, even firms that spend heavily on security systems and IT staff. A determined and knowledgeable hacker will find a way in, and it can be costly. Losses are hard to calculate, but estimates of losses from theft range as high as $1 trillion a year worldwide.
You may have been hit already and not know it. Many criminals operate under the radar, planting spyware and stealing valuable company data for months, and businesses don’t find out until it’s too late. Some thieves will tap into your customer base, grabbing credit card and other bank account information. Others copy trade secrets and sell them to competitors who may then lure away your customers. This is in addition to those who crash sites with the aim of keeping your online operation down for days and costing you business.
Not all of the popular targets are obvious. Charities and other nonprofits are targets because their lists and information on benefactors and donors can be valuable. And criminals often go after beneficiary lists from life insurers.
Organized crime rings are behind a high percentage of the attacks, often operating from abroad, especially Russia, Ukraine and China.
Fail-safe protection doesn’t exist. Even the Pentagon, with a battalion of the best computer specialists, gets hit repeatedly.
But it’s important to do whatever you can. Crooks will go where the taking is easiest, just as car thieves will grab a radio from an unlocked car before going through the trouble of circumventing a security system.
Many small businesses have no protection. One in five does not have antivirus software, and more than half don’t use encryption for wireless links. Two in three have no formal security policy, essentially banking on good luck that they won’t be victimized.
Computer safety doesn’t have to cost you a fortune. Some basic steps to take:
Install security software that includes antivirus, antiphishing, antispyware and networkwide anti-intrusion features, with automatic updating. The subscription cost is not much, about $100 a year.
Set up a firewall to protect all confidential information. Use multiple walls to guard your most sensitive data or keep it on a separate server or on paper. Use so-called smart passwords with numbers, letters and symbols, and change them periodically.
Be sure to block ex-staffers’ access to your network. Beware of disgruntled workers who may be out to get you through computer stealth. Give employees in different departments and positions access only to the parts of the network they need.
Also, vet anyone who buys advertising on your Web site. This, too, can be a source of malicious software. A personal phone call can trip up those who buy ads and use them to lure your customers to phony sites.
Train employees in safe computer practices. It’s the most important best practice, and one that companies often overlook. Let them know that visiting non-work-related sites puts the firm at risk. Eighty percent of malware is downloaded unknowingly at adult pornography sites.
Opening attachments from unknown sources can render a firewall useless. Laptops carried out of the office or left at a business conference are prime targets for theft.
Also, consider contracting with a certified “ethical hacker” to test your system regularly and to offer guidance to your in-house computer staff.