I – Definition – What is a Cyberattack?
According to Techopedia, a cyberattack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.
Cyberattacks may include the following consequences:
- Identity theft, fraud, extortion
- Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
- Stolen hardware, such as laptops or mobile devices
- Denial-of-service and distributed denial-of-service attacks
- Breach of access
- Password sniffing
- System infiltration
- Website defacement
- Private and public Web browser exploits
- Instant messaging abuse
- Intellectual property (IP) theft or unauthorized access
You might not know it, but millions of people face these consequences daily without even being aware of it. When was the last time you double-checked that your data is secure? What about the data you handle for your clients? Based on numerous reports from different serious organizations, we now know that several threats and vulnerabilities in information systems and technologies pop up every single day (for instance, the U.S. Navy captures 110,000 cyberattacks every single hour!). The Internet is the best tool ever to scale your business nowadays, but the hard truth is that to succeed in the long run you need a long-term security strategy in place to protect your data and the sensitive client information you collect daily. This is critical to reduce the risk of a successful cyberattack! (According to the Second Annual Cost of Cyber Crime Study, companies in the study experienced 72 successful attacks per week, which is more than one successful attack per company per week. This represents an increase of 44 percent over the previous year's figure.) Unfortunately, cyber security education is not as common as it should be…
II – The Online Business Security Check-list
The following is a 10-step checklist for minimum online safety. Go through it and immediately implement whatever you don't have yet, to keep your online business protected and private, and safe from cyber-criminals.
1- Centralize your password management
With the growing number of different services and accounts you have to create to maintain your business online, make sure you use a different password for each platform, and consider using a password manager for more flexibility (a convenient password management solution gives you easy and secure access to all your online accounts). You can use applications like 1Password or LastPass. Protect the manager itself with a unique, strong master password and two-factor authentication, because that is where all your other passwords will be stored.
2- Use 2-Factor Authentication wherever possible
Nowadays most online services with membership, including those involved in internet marketing, offer the possibility to set up two-factor authentication. When that is the case, always choose to use it, as it is very easy: you log into the account with your usual password, then you receive a text message on your phone with a unique code, you enter the code and that's it – safe login! So for every Google service (Gmail, Google Drive, etc.), PayPal, WordPress, Facebook, Dropbox, Amazon, etc., make sure you don't forget to enable it.
3- Always use a unique and strong passphrase for each service
As you may already know, about 93% of security breaches are due to human factors, mostly easy-to-guess passwords. So when you create a password, always follow best practice to reduce the risk. Take into account things like a minimum length of 8-10 characters, at least 1 digit, 1 special character and 1 upper-case letter, and avoid dictionary words and identity-related information (your own or a family member's name or birth date, pet names, etc.). These are the basics. Moreover, be sure to use unique credentials for each online service and account, and change them periodically (every 3 months, for example). We usually rely on multiple platforms to run our business online: email, banking and payment services (PayPal, e-wallets, etc.), blog and website (WordPress, DNS registrar, etc.), social media accounts, advertising platforms, and so on.
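The rules listed above can be turned into an automated check, which is useful for a signup form or for auditing the passwords in a team. The following is an added example, not code from the original post: it enforces the length, digit, special-character and upper-case rules, rejects a small constructed blocklist of dictionary words, and rejects passwords containing identity-related strings the caller supplies. The minimum length of 10 and the word list are assumptions chosen for the example.

```python
import string

# Assumed policy values; the post gives "8-10" as the minimum length range.
MIN_LENGTH = 10
# Constructed sample of dictionary words that must not appear in a password.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "business"}


def check_password(password: str, personal_info=()) -> list:
    """Return a list of policy violations; an empty list means the password
    passes. `personal_info` holds strings such as names or birth years that
    must not appear anywhere in the password (case-insensitive)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    lowered = password.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    for item in personal_info:
        token = str(item).lower()
        # Ignore very short tokens so initials do not cause false positives.
        if len(token) >= 3 and token in lowered:
            problems.append(f"contains personal information '{item}'")
    return problems


def is_acceptable(password: str, personal_info=()) -> bool:
    return not check_password(password, personal_info)


if __name__ == "__main__":
    # Constructed sample passwords; the second reuses a surname and birth year.
    for candidate in ["password1", "Smith1985-Secure!", "Maple-Tr4in-Orbit!"]:
        print(candidate, "->", check_password(candidate, ("Smith", 1985)) or "OK")
```

The same function can be reused for each service's credentials, so that the "unique per account" rule is backed by a check rather than by memory.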
4- Always password-protect your computer and mobile devices (phones and tablets)
For whatever reason, some people still leave the devices they use for their daily business activity, holding sensitive data, unprotected. That is a huge mistake and a security risk for your business. Always set up a strong password to access your computer and mobile devices, based on the password requirements above, wherever possible. But be careful never to write your passwords and PIN codes on a piece of paper kept in your office desk or in an email draft, or worse, in your wallet next to your credit and debit cards!
To configure this on mobile devices, do as follows:
- On iOS, we have: Settings > Passcode
- On Android, we have: Settings > Security > Screen Lock
To configure a password on a computer, do as follows:
- On Mac, we have: Apple menu > System Preferences > Security & Privacy > General > Require Password
- On Windows, we have: Control Panel > User Accounts > Add a user with a password
5- Always lock your computer or mobile device when away
If you are leaving your seat for a coffee or a cigarette, always make sure you lock your workstation while you are away… To do so, press Ctrl–Alt–Delete if you are a Windows user, or try Control–Shift–Eject/Power if you are on a Mac.
6- Encrypt data on your computer and mobile devices (phones and tablets)
Encryption prevents unauthorized people from reading your sensitive data, and thus reduces the security risk by ensuring your data stays private.
To encrypt your data on a mobile device, do as follows:
- On Android, we have: Settings > Security > Encrypt Phone
- On iOS, we have: Settings > Passcode
7- Always keep your security software up to date
For all devices you use to run your business online (computers or mobile devices), always make sure you have security software (antivirus, anti-spyware, personal firewall, etc.) installed, and check for updates daily. This helps prevent or protect you from basic cyberattacks affecting your connected devices. Also keep your operating system, web browsers and other useful or important applications up to date with the latest security patches. These updates are mostly released to close security holes, so unless you keep your software up to date you will be vulnerable to the latest threats. Consider uninstalling unused software applications as well. For information, 10% of security issues are due to unpatched software.
8- Set your online profiles to private
Always set your social network profiles and mobile applications to private, and check your security settings, because by default most people allow any third-party app to connect to and access their online accounts without giving it a second thought! This is very dangerous for your online privacy (for example, consider turning off things like location settings – you wouldn't want others to know where you live, right?…). Also, be careful about the information you post or share online, because it can be used against you.
9- If possible, acquire cyber insurance
Nowadays, you can subscribe to cyber insurance to cover your losses due to a security breach or fraud. Also called "cyber liability insurance cover", this usually refers to a range of cover, which might include the following:
- Minimizing the impact of a data breach incident: damage to the company's reputation and brand, response expenses and potential financial penalties.
- Losses due to a threat of extortion, and the fees related to dealing with it.
- Expenses related to managing a security incident on your systems, such as investigation, remediation, legal costs, court attendance and regulatory fines.
10- Implement a secure backup solution
To ensure your business continuity, you need to be able to safely restore your sensitive information in case of data loss or hardware failure. That is why implementing a good backup strategy is a key point of your security. Choose a stable and easy-to-use backup solution that encrypts your data before synchronizing it with online servers, to ensure confidentiality. Services like Mozy or Backblaze can do this for you in the background. In addition to online backup solutions, you can also consider keeping an encrypted copy of your sensitive information on a physical hard drive.
Just remember, failing to apply this simple checklist in your daily activity may result in a tragic situation such as a business crash or bankruptcy, because of money lost (unavailability of your service or website due to a DoS attack can dramatically reduce your sales) or customers' loss of trust and confidence (due to the loss of sensitive data like credit card or contact information) after one of the numerous possible cyberattacks. Check this case study and learn from it… it would be ridiculous to spend all our time focusing on how to build a system to make sales online, make some money, and lose it all because we neglected the basics of cyber security. From today, be security aware!