As technology evolves, so do hackers’ techniques, which puts tremendous pressure on organizations to constantly update their security measures to keep their data secure. Hackers can expose not only important company information but sensitive customer data as well, with potentially devastating effects.
To find out how to better protect your organization’s information, we asked a panel of entrepreneurs from YEC the following question:
What is one practical thing your company can do to better protect itself and its data against phishing or hacking attacks?
Here’s what they had to say:
1. Encrypt data and install a network firewall
Control over the incoming and outgoing network traffic is essential to prevent threats from making their way into the company’s operating system. Hackers don’t just target the company’s financial data. Any kind of customer, as well as employee data, may be targeted via phishing attacks. Data encryption is necessary to protect data from hacking attempts that manage to surpass the firewalls. – Rahul Varshneya, Benchpoint
2. Create a positive security culture
Some employees are naturally fearful to present threats or concerns to IT personnel. Reward and thank them for bringing up a concerning email, strange attachment, unknown contact or a general bad feeling about something — even if they’re wrong about it. Dismissing their concerns, even false alarms, may create a culture where they have nobody to go to when a legitimate threat appears. – Stephen Hetzel, BidPrime
3. Keep your software up-to-date
Most attacks against a business’s web-facing software succeed because of security vulnerabilities caused by programming mistakes. When a developer finds a mistake, they fix it and release an update. Businesses that don’t install the updates are vulnerable. Software updates don’t fix every security problem, but they make it much harder for attackers to compromise a business’s vital infrastructure. – Vik Patel, Future Hosting
4. Use website blockers
Website blockers restrict users from visiting websites that may expose you to phishing and hacking attacks. They also allow you to restrict any other site of your choosing. For example, you can prevent your employees from visiting social media and other non-employment-related websites. There are a host of free and paid versions to choose from as well. – Matthew Podolsky, Florida Law Advisers, P.A.
5. Enable two-factor authentication
Having your team use two-factor authentication will help to keep some hackers at bay. The use of the mobile as a requirement to log in means that there really is a challenge for a hacker to invade the system. – Nicole Munoz, Nicole Munoz Consulting
6. Change your passwords often
It is often convenient to use the same password on multiple websites, but that can leave you very vulnerable. We create unique passwords for everything and also change them every 30 days. It can be a bit exhausting, but it’s something I feel is a must-do. We also don’t store them on any file-sharing cloud sites to further protect them. So far the approach has worked. – Jonathan Long, Uber Brands
7. Use a password manager
Password managers are essential, especially when you have multiple accounts across systems. You can then confidently use hard-to-crack passwords (typically randomly generated), change them every three or six months and set up dual authentication. Critical systems such as web servers and databases should restrict IP restrictions to disallow access from anyone attempting to log in from an unknown IP. – David Boehl, GraphicBomb
8. Talk about the worst-case scenarios
Everyone knows computer security is important but nobody takes it seriously. A company is only as strong as its weakest link, so make sure employees know they have a great responsibility. Consistently educating the team on worst-case scenarios is key to ensuring the use of secure passwords and making sure people don’t click suspicious links. Post security articles on team bulletins frequently. – Matt Wilson, Under30Experiences
9. Train your employees to be vigilant
One of the most common methods hackers use is email. Spam filters are not 100 percent effective, so you need to ensure your employees can spot a scam email when they see one. Therefore, in the onboarding process for new hires, include a section on detecting spam, and what they should do with it. Also, encourage them to alert others when one comes in. – Ismael Wrixen, FE International
10. Sunset outdated permissions
One of the key ways to limit the potential damage from phishing and hacking attacks is to sunset outdated permissions. Once a project ends, team members rarely need access, yet most of the time companies never update permissions, meaning that gaining access to one person’s account gives an attacker wide-ranging access. We remove wide-ranging access once a project ends. – Ryan D Matzner, Fueled
11. Limit access
You’d be surprised at how many hacking attacks were simply the result of clever social engineering. In addition to training your employees to not answer calls from suspicious “password quality inspectors,” you should strictly limit the number of people who have access to sensitive information. If you have fewer links in the information chain, there are fewer potentially exploitable weak points. – Bryce Welker, Crush The CPA Exam
12. Hold quarterly security meetings
Sending random tests to see if you can trick your employees is a nice touch; nothing beats threats to security better than education. Many people in your company are not going to be tech-savvy or be savvy to the ways hackers use social engineering. Your security expert (whether in-house or a consultant) should meet with every department to go over the best practices to keep data secured. – Justin Cooke, Empire Flippers
13. Get cybersecurity insurance
It is hard to prevent a cyber attack by a skilled, highly motivated hacker. You should invest in a cybersecurity insurance policy to help mitigate your losses if the other steps in this article do not prevent a successful attack. The right policy can not only offset losses from data breaches but also your costs from business interruption and network damages from a variety of cyber incidents. – Doug Bend, Bend Law Group, PC
This post is part of our contributor series. The views expressed are the author’s own and not necessarily shared by TNW.
Published March 22, 2019 — 09:00 UTC