These are hazardous times to run a business that stores critical data. Cyber-attacks happen constantly, and every day we hear of some large business reporting a data breach. This is a critical problem as the data being stolen are literally the identities of your customers, and it opens the way for them to be stolen, as well as having their credit cards run up to the max or their bank accounts being drained before the customer is aware of the problem. Businesses have a moral obligation to protect this data, as well as a very practical one – these data are your business’s lifeblood. Having it breached is akin to having a heart attack, or at least a significant blood clot in your body – everything stops until the breach is repaired, and, if you don’t have at least an adequate disaster recovery plan in place, you will suffer some impairment, if not actually losing the business altogether. It is sound business sense to protect your customers’ data at all costs.
What is a Cyber Attack, and How Does One Happen?
Cyber-attacks are literally just what they sound like – an attack in the cyber, or computer, world. Cyber-attacks are launched these days by criminals, hostile foreign governments, and hacktivists with an axe to grind. By far the most attacks are from the criminal world, although hostile governments are moving up fast.
Generally, cyber-attacks are launched so the group behind them can profit from the information they steal, or to literally profit from the target, by stealing money. Money is stolen from accounts, or credit card numbers are stolen and then run through a fake website to purchase nonexistent goods, charging the phantom merchandise against the stolen cards. The transactions are captured electronically and cleared within twenty-four hours, often before the credit card owner is aware there is a problem. Billions of dollars have been stolen in this manner, so cyber-attacks should be taken extremely seriously.
Cyber-attacks commonly happen by means of a technique known a phishing. Targets are tricked into sending the cyber thieves their personal information, either by replying to the phishing email or by going to a fake website the thieves have established and entering the data there. Not all attacks launched through phishing steal information directly; the phishing email is also a way to get malware software loaded onto the target’s machine. From this infected machine, a cyber-attacker can take over every machine on your network, and through some sophisticated techniques, they can also breach your data.
Intrusion Protection
Physical hardware solutions exist to keep the bad guys from breaching your network, but sometimes a malware attachment gets through the physical barriers, or perhaps an employee has an infected machine at home and brings the infection back to the office via files the employee worked on from home. If the firewall is breached, your next line of defense is intrusion detection and prevention.
There are myriads of virus protection software packages available today, ranging from free to outrageously expensive. Find a vendor who provides the best protection you can afford, however, don’t be cheap about this software. Ask yourself what’s more expensive in the long run – stopping an intrusion in its tracks or repairing a serious data breach, with all of its ramifications. Choose the best prevention package for your business you can get.
Once virus protection is installed on your machines, you need to define and enforce policies for its use. Require boot-up scans, scans periodically during the day, and scans run after the close of business. If the package supports active protection, enable it for email and for the web. The virus protection will detect suspicious emails before they are opened, and will block the user of the machine from going to suspicious websites. Virus protection only works if you keep it up-to-date and if you use it, so put some teeth into those enforcements and make sure your employees are doing what they’re supposed to do.
Think of your business’s computers and applications like a castle; castles are protected by moats and guards. The firewall is your moat and the virus protection is your guards. Get the best ones you can and use them to their full effectiveness – you will be glad you did.
