By: Adam Lippa
22 February 2016
If there’s one truth in today’s cyber age, it’s that no business is immune from a cyberattack. Given the increasing amount of business information that’s stored online—or in external-facing (aka Internet-connected) devices—it shouldn’t come as a surprise that there are a seemingly endless number of cyber criminals out there vying for your data and pertinent information.
While an attacker may reap a more significant reward from hacking into a larger company, it’s a lot easier—and, in some ways, can be more lucrative—to target small businesses. This is primarily because, simply put, small businesses think they’re too small to be attacked. They don’t have the big bucks to invest in an IT department, so they often forgo an IT defense system altogether. This is a huge mistake.
It doesn’t have to cost a lot to avoid becoming a victim of cybercrime. Essentially, you need a two-pronged defense strategy—one that keeps external threats out and simultaneously manages the internal ones. There are a few elements you can implement to do this effectively, without breaking the bank.
Detecting an unprotected network is rather easy to do. Cyber criminals deploy automated searches using botnets—a type of code—that run scans of various networks and sends reports back to the attacker. The simplest way to prevent an attack, therefore, is to protect your system from being identified by the attackers and botnets, in the first place.
The best way to do this is by installing a firewall. You may need assistance in configuring this defense measure—which really won’t cost very much—but essentially you want to choose the setting “deny all” to prevent all external threats from entering your network. Once that’s done, you can create an approved list of sites and network traffic that the firewall can allow in.
Another way to combat external threats is to change all your defaults—namely, the default passwords on all external-facing devices (such as your router and firewall), as well as the names of your wireless networks. A virtually impenetrable password is at least 15 characters long, with a good mix of numbers and upper and lower case letters.
When it comes to naming your wireless network, avoid anything that would allow an outsider to figure out which network is yours. The more obscure the name, the better—and always make sure to have a strong password and the wireless encryption turned on.
To make sure you’ve plugged as many external security holes as possible, take advantage of free online network scanners available at websites like qualys.com. These sites scan your system for known vulnerabilities and offer suggestions to fix any holes. Performing this 15-minute scan every quarter is a baseline recommendation so you are aware of any recent security weaknesses with your network.
For most “inside jobs” there was likely some existing weaknesses or vulnerabilities to internal IT security and controls. When it comes to protecting your company’s data and important information from the inside, your ultimate goal is to remain in control—and limit the number of people that have access to your classified information.
Many of the steps required to achieve this are very similar to managing external threats—strong passwords, for example, are essential when protecting important areas of information. You also want to use reputable, up-to-date anti-malware and anti-virus software, and ensure only Administrators have access to such installations.
Lastly, it’s critical to have a good method of backing up your data—and for most small businesses, the cloud is the safest and most cost-effective way to do this. Backing up important information properly will allow your business to recover from loss due to theft, hardware malfunctions or data corruption.
While leveraging some IT security consultants is never a bad thing, by following the above steps you can keep those costs to a minimum, and set down some basic but critical security measures to keep your business networks safe.
The author is the Manager of Advisory Services at Grant Thornton LLP (Canada). Grant Thornton International Ltd. is a leading global business adviser that helps dynamic organizations unlock their potential for growth. Punongbayan & Araullo (P&A) is the Philippine member firm of Grant Thornton International Ltd. For inquiries, you may direct them to 988-2288 ext. 760 or visit our website at grantthornton.com.ph
Notes to editors:
About P&A Grant Thornton
P&A Grant Thornton is a leading professional services firm with a proven track record of high-quality work. P&A provides value-added services to clients through a client-caring team of audit, tax and business professionals who utilize leading-edge systems and technology and are guided by the highest standards of quality, integrity and competence.
About Grant Thornton International Ltd*
Grant Thornton is one of the world's leading organisations of independent assurance, tax and advisory firms. These firms help dynamic organisations unlock their potential for growth by providing meaningful, actionable advice through a broad range of services. Proactive teams, led by approachable partners in these firms, use insights, experience and instinct to solve complex issues for privately owned, publicly listed and public sector clients. Over 31,000 Grant Thornton people, across 100 countries, are focused on making a difference to clients, colleagues and the communities in which we live and work.
Grant Thornton International is a non-practicing, international umbrella entity organised as a private company limited by guarantee incorporated in England and Wales. References to "Grant Thornton" are to the brand under which the Grant Thornton member firms operate and refer to one or more member firms, as the context requires. Grant Thornton International and the member firms are not a worldwide partnership. Services are delivered independently by member firms, which are not responsible for the services or activities of one another. Grant Thornton International does not provide services to clients.
*All references to Grant Thornton International in the press release and this “Notes to editor” section are to Grant Thornton International Ltd. Grant Thornton International Ltd is a non-practicing, international umbrella entity organized as a private company limited by guarantee incorporated in England and Wales.
As published in The Philippine Star dated 23 February 2016