10 tips to avoid cyber attacks

December 4, 2016 8:06 PM

Through industry research by Lawley Insurance, the vast majority of U.S. small businesses lack a formal internet security policy for employees, and only about half have basic cyber security measures in place.

To help clients strengthen their security awareness, Lawley has provided 10 tips to help business owners protect their assets and improve reliability against cyber threats and attacks.

Train employees in cyber attack prevention

While the perception is that cyber attacks are the cause of shady computer hackers across the globe, the reality is that most data breaches are the result of human error . Educating your employees to be vigilant in protecting data is as important as having firewalls set up. Your team should be aware of suspicious emails requesting confidential information. If there's ever a question about the legitimacy of an email making such requests or including suspicious links, call the sender to verify they actually sent the message.

In addition, make sure employees' company phones , laptop and other mobile devices require strong passwords to access private data. Leaving an unlocked phone in a cab could be as damaging as a hacker penetrating your network.

Read more:

Lack of employee training is behind 80% of company data breaches

Install, use and regularly update antivirus and anti-spyware software on every computer

Your computers and network are only as safe as you maintain them, so while it may be a nuisance for your employees to receive notifications to update their software , it is vital to closing gaps and preventing future threats. Antivirus and anti-spyware tools are constantly working and updating to battle the latest attacks, but if every machine is not routinely updated with fresh layers of cyber protection, you leave your company vulnerable to malicious threats that can quickly take down the whole infrastructure. Remind your employees how important the periodic interruptions that come from automatic updates are.

Use a firewall for Internet connection

Just like a castle has a moat and strong walls to keep bad guys out, a firewall is a first line of defense to prevent unauthorized access to your computers or network. The constant safety checks that firewalls provide help keep your data protected, and should be step one in building cybersecurity policies.

Download and install software for operating systems and applications as they become available

The updates can create a similar inconvenience as antivirus notifications, but these are equally as important to keeping your information safe. Think of your information technology as a fort that you want to keep intruders out of. Using older versions of software or operating systems is like leaving the back door wide open for someone who wants to do harm to walk right in and grant them access to your financial information, customer records and more.

Read more:

Ask an Adviser: How can we protect employee data in the era of remote work?

Control physical access to your computers and network components

One way to limit the ability of data breaches is to require logins after a computer is dormant for a short period of time. While it can be a hassle to have to reenter passwords frequently, it can help keep prying eyes away from access to confidential spreadsheets and documents from your corporate network, open on the machine of someone at lunch.

Read more:

Why employers need a cybersecurity policy for their employees' personal devices

Require individual user accounts for each employee

Shared accounts open up the possibility for passwords and access to be shared with employees via password managers. This could unintentionally expose passwords to more people and possibly grant file access to users who should not have it. Tracking down the cause of a breach could become difficult as well when multiple people access your systems through the same login. Not to mention, when an employee leaves the organization, they still could have access. Your best bet is to require individual user accounts for each employee.

Read more:

Why 90% of employers want to add data privacy protection to their benefits

Limit employee access to data and information, and limit authority to install software

While you should trust your employees, not everyone should be privy to all of your data. By partitioning access and creating redundancies even if malicious access occurs you do not want to give someone the ability to access everything. Limiting HR files to only HR staff and the CEO is one example. In addition, while most software downloads look legitimate, the sophistication hackers use to hide malware in innocuous looking downloads can cripple a network. Allowing everyone to download games and apps could open your company up to trouble

Regularly change passwords

One of the easiest ways your information can become hacked is through easy-to-guess passwords. Most people use the same password across multiple accounts, which can make it easier to hack into several systems if one can be compromised. Ensure employees are changing their passwords frequently and not using the same password across all systems.

Read more:

Small businesses are leaving themselves vulnerable to cyber attacks