Data is the new gold. Back in the days of the Wild West, robbers would target trains they knew were carrying bullion and other valuables.
This same scenario is repeating today – only this time, the internet is the Wild West, and hackers are the robbers. And their target? Your company’s servers, which contain prototypes, customer payment data, and other goodies – that’s the gold train they’re after.
A survey commissioned by Dell recently revealed that 63% of respondents suffered a data breach in the past year. 63%. When hacked, the average SME sustains over $200,000 in damage – within six months, 60% of these enterprises go out of business.
Cybersecurity isn’t a nice-to-have – it’s mandatory for any internet-facing business. In these times, that’s just about every business. But where do you begin? The best way to learn is to emulate the example of successful firms.
Below, we’ll relay the best practices other companies have used to safeguard their data from cyber threats.
Must Read: What Helps Prevent Cyber-Attacks?
Nobody Is Safe – Not Even Major Corporations
The impunity that cybercriminals operate with these days is quite astounding. Every now and then, there is a high-profile arrest. But most hacks go unpunished – a fact that has emboldened many in the black hat community.
These crooks don’t just target mom-and-pop businesses – they also go after major corporations. When they succeed, the results have been devastating. In 2013, Adobe got hacked. As a result, hackers made off with three million credit card accounts, plus 38 million user/pass combos. In the end, Adobe dodged a legal bullet – they only paid a bit over $1 million in settlements to customers.
However, that pales in comparison to the mother of all breaches. In 2014, hackers managed to break into Yahoo’s servers and steal the real names, phone numbers, addresses, etc. of over three billion users. The timing could not have been worse for Yahoo – it happened as Verizon was in negotiations to buy the company. As a result of the breach, Yahoo lost a stunning $350 million in market value.
Because of the constant threat posed by motivated, fearless cybercriminals, most corporations take network security very seriously. However, with a shortage of experts in the industry, their expense is often too much for your average SME to afford. For instance, the average cybersecurity specialist commands an average salary of about $70,000 – too steep a sum for many companies.
For these companies, a managed IT solution, which IT consulting firms typically offer, is the answer. They package cybersecurity alongside other essential services like tech support and network management. For a reasonable fee, smaller firms can have all their IT needs covered.
How Do Companies Protect Their Data?
Leading companies are continually evolving their strategy to keep their data safe. As of the writing of this article, the following tactics are being used successfully by many firms. That said, keep your ear to the ground – stay appraised on the latest developments in cybersecurity. That way, you’ll stay ahead of those looking to break into your network. Many of these leading companies are also opting for Manage IT Provider to have all their IT and Networking needs covered.
(1) Password managers
The problem is, people don’t just access one account in the run of a day’s work – they access many. To save mental bandwidth, many use the same user/pass combo for all accounts. Hackers know that when they hack one account, they can usually get into others. When your corporate server falls in the “other” category, that’s a serious problem.
It’s this conundrum that gave birth to the password manager. Rather than remembering multiple user/pass combos, you get one master login. At first glance, that doesn’t seem like a safe solution, as one successful hack would expose everything.
However, password managers issue complex passwords which are extremely difficult to hack. On top of this, the manager encrypts all passwords contained within the program. Any attempt to hack data without logging in would only yield unintelligible gibberish.
(2) Faithfully updating software
Every day, hackers – of the white and black hat variety – uncover vulnerabilities in widely-used applications. The former race to stay ahead of their sociopathic cousins. Most of the time, they succeed. Because of white hats, software developers regularly release patches that keep out the black hats.
As we speak, malicious actors maybe checking the version numbers of software you use. By installing updates as soon as they arrive, you can keep your systems safe from known exploits.
(3) Setting up an effective firewall
Firewalls keep out suspicious traffic by comparing incoming data to defined rules. Packets that conform can pass, while those that violate the rules are blocked. These security setups are effective against known threats. However, like any software application, hackers can easily defeat a firewall using sophisticated techniques.
For instance, hackers have been using the connect-back approach to get around firewalls lately. To do this, they attempt to connect to your command-and-control (C&C) server through outgoing ports. Unlike incoming ports, firewalls don’t always guard outgoing ports.
Rather than rely on legacy firewall software, go with a next-generation firewall, or an NGFW. These firewalls offer more sophisticated defenses – in the case of connect-back attacks, they will often sandbox programs that are attempting a C&C connection.
(4) Regularly backing up data to a segregated server
Despite your efforts, a truly-gifted hacker may manage to break into your server. If this happens, they could do catastrophic damage that could endanger your businesses’ survival.
Consequently, it is imperative to regularly back up mission-critical data. Moreover, these backups should go to a segregated server. That is, a server disconnected from your network – except when you are doing backups. This activity, which IT staff should carry out every 24 hours, should be at the core of your disaster recovery plan.
This way, when you get targeted by a ransomware attack, it will be little more than an annoyance. All you’ll have to do is wipe your servers and restore your segregated backup.
Data Is The Lifeblood Of Your Business – Keep It Safe
Without customer lists, marketing info, payment information, and other data, most 21st century businesses would be dead in the water. Chances are, you’re in the same boat. Protect your data like your company’s life depends on it – because it does.