How to Protect Your Business from Cyber Attacks

How to Protect Your Business from Cyber Attacks

Ryan Allison of OWC Pro IT Service


With threats like Wannacry and Petya ransomware attacks topping the news lately you may be asking yourself if your business is protected from cyber attacks.  If you haven’t thought about it, then you should be concerned.  Imagine losing every record of all your clients you have, every transaction you have made, every order you have taken.  You would not be able to continue with daily business.  Ransomware can encrypt every file you have so it is unreadable.  The only way to recover these files is to pay an unknown entity with the hopes that they will send you a key to unlock your files.  These payments can be hundreds to thousands of dollars.  Once paid, there is no guarantee that you will receive this key or that more money is not demanded after the first payment.  This is what you should be worried about.

In order to protect yourself from attacks, you need to identify the threats.  These threats are endless.  There are hackers, viruses, worms, Trojans, spyware, ransomware, phishing, pharming, and more.  Whatever the name of the threat, their intent is to scam people out of money, steal sensitive information, or just create chaos.  These risks can come in the form of emails, websites, downloaded programs, and even Word and Excel documents.  As anti-virus software and firewalls get better at blocking these attacks, the creators are finding new ways to circumvent these precautions.  You need to be prepared and educate anyone that uses technology in your business.

Cyber threats are not new.  If you connect any device to the internet, you probably know that you should have virus protection.  This protection should be able to provide real-time protection from Malware that could be running on your system.  You may want to purchase Malware protection with Advanced Threat Protection.  This will ensure deeper scanning of files for things like Ransomware on your computer, in your emails, and on the network.

You also may have heard of Firewalls.  These block unwanted programs and files from getting through from the internet and other computers on your network.  You have a firewall built in to your operating system.  This should always be enabled.  You should also have a hardware firewall on your network that control data between your network and the internet.  It should be configured to only allow traffic necessary to conduct business.

To provide protection from emails, It is best to have Anti-Spam software.  This help filter unwanted and malicious email.  It will help keep your inbox free of clutter and prevent accidentally opening malicious files

Most malware exploits weaknesses in your operating system.  We want to make sure our operating systems like Windows or Mac OS X are kept up-to-date.  These updates often have patches that fix these vulnerabilities that hackers exploit to gain access to your systems.  Many malware infections could be prevented by installing the latest security updates provided by Microsoft and Apple.

Anti-virus and firewalls are great tools to help protect you.  They should be installed and kept up-to-date.  Here is the kicker.  Even with the best protection configured on your systems, these threats can still find a way through to your computer.  The final vulnerability is the person using the computer.  When hackers find it more difficult to slip by anti-virus and firewalls, they find easier ways in.  One of these is to trick someone into installing malware without them realizing it.  This is often done through infected websites causing popup windows that when clicked unleash a virus.  These can make it appear that you are already infected and scare you into clicking on it to remove the infections.  These popups may be difficult to close and are often warning not to close the window or shut down your computer.   These windows should be closed immediately and the computer should be restarted to be safe.

Email has always been the preferred way to deliver malware.  It is an easy way to spread malware to thousands.  Computer users need to be able to recognize these malicious emails and delete them.  These emails appear to be from people you know or reputable businesses with messages that are related to issues that computer user may be dealing with.  If you were expecting to receive a package from UPS and received an email that appeared to come from UPS saying you package has been delayed and won’t be delivered until you click this link and give use your information, one may be inclined to click it so their package in not held up.  Another example is an email that says your Facebook account was accessed from another computer, click this link for more information.  If you want to know where the link will direct to, you can hover your mouse over the link and the actual address will be displayed.  If the link looks suspicious or slightly questionable, do not click on it.  When in question if an email is legitimate, go directly to the website by typing or searching for the address in your browser instead of clicking on a potentially questionable link.  The only way to help avoid these threats is to educate anyone that uses a computer in your business.

The best way to minimize the risk of these types of attacks is to use the highest security level you can.  It is best to not make users local administrators of their computers.  If they require admin access to install software and updates, it is better to give them a second username with higher access and have them use that only when installing software.  It is also best to only give people access to network resources that they need to work and lock down everything else.  This helps minimize exposure to your key systems.

Even with all the proper tools and education, no company can be completely protected.  The most important way to protect yourself is with a proper disaster recovery plan.  You should always backup your servers, workstation, and any data you can’t afford lose.  This is best done by having a local backup to hard drive or server onsite on at least a daily basis.  In many cases, you may want to run backups every hour or less.  These backups should also be copied to a remote location.  This could be done on another hard drive that is physically moved off site every day or a service that backs up the data over the internet on a remote site.  That way, if you do suffer from a malware attack, you can recover data that may get damaged.

Protecting your business is no small feat.  There are always new threats being introduced.  While there are plenty of tools and programs to help protect you, it is always best to have an experienced individual or company involved in planning the protection your business.