Hey YOU, SMB, yeah I’m talking to you. There are a number of things that you can do to not only protect your personal information, but also the information you have in your business:
Contain the hack, stop the bleeding & eliminate the threat
- Hire a professional – It is entirely possible the small business was hacked because they did not employ technicians to prevent it in the first place. Therefore 3rd parties that specialize is security and breach mitigation should be contacted immediately. These IT security professionals specialize in containment. Their role will be to forensically determine the nature of the compromise, remove the vulnerability, update any necessary hardware and software, and ensure a breach such as this does not happen in the future.
- Disconnecting every affected device from the Internet temporarily – The purpose here is to stop any data from leaving the network and to prevent the hacker from communicating with the server. This may mean disabling internet connections or physically unplugging the internet from connected devices
- Change and reset passwords – Many hacks begin with compromised passwords. And the moment a network or device goes back online the hacker will log back in unless all credentials have been changed and updated.
- Update all software – Begin by scanning all hardware and software with anti-virus programs and removing viruses. Vulnerabilities are often due to outdated software or operating systems riddled with flaws. Updating with critical patches eliminates these threats. The breached party should have redundant networked hardware systems in place, backed up data, contingency plans to put duplicate systems online immediately in order to maintain operations.
- Update your Companies Hardware– Old outdated hardware simply can’t keep up with the requirements of newer robust software or the security software required to keep networks secure.
- Back Up All of Your Data – You have to make sure that you are regularly backing up data to a secure location. This data should also be encrypted.
- Manage All Identities – You also must make sure that you are managing identities and access to accounts. You must do this across the board, as just one account being accessed could make you or your network extremely vulnerable.
- Use Conditional Access – Additionally, you should make sure to use conditional access that is based on factors such as location or device.
- Utilize Multi-Factor Authentication – You can use multi-factor authentication to keep accounts protected, too. You can use this on its own, or with other conditional access methods to ensure those who are trying to access your data are legitimate.
- Security Awareness Training– Assuming employees know what to do and more importantly, what not do, is risky. Providing effecting ongoing security awareness, and in the authors opinion “security appreciation training” is partnering with employees to protect the network.
- Patching – Set up a system so that you can always ensure that your hardware and software is always patched and updated on a regular basis. This helps to keep your data safe.
- Align Your IT Security with Other Business Security – Those who are in the IT industry often feel as if they are struggling to keep up with changing technology, including security tech. The success of a business is based on keeping it secure, and by keeping all types of security in mind, including IT security, has a direct impact on revenue.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.