How to Protect Against Common Hack Attacks

Hacking is not really a new concept. In fact, the idea of breaking into a business to steal information, make a quick buck, or simply wreak havoc has been around pretty much as long as there have been businesses. The advent of online technologies has just upped the ante, so to speak, by increasing B2C connections and centralizing the data, making for a virtual smorgasbord that criminals can’t ignore.

Even worse, hackers are ahead of the game. They’re constantly finding new ways to break down defenses, exploit chinks in the armor, and defeat protective measures. This, of course, is also nothing new.

Build a better lock and thieves will find ways around it. The difficulty, as always, is that one party plays by the rules and the other delights in breaking them. That said, you can’t suffer the slings and arrows of outrageous fortune without at least trying to protect yourself.

At the very least there are privacy laws in place that mandate some effort on your part to protect the sensitive information entrusted to you by customers. That said, you also have an ethical responsibility to treat confidential information with the utmost care, and frankly, your business will suffer the most if that data is compromised, thanks to government penalties, possible lawsuits, and a damaged reputation.

What can you do? As it turns out, you can do a lot. Many businesses are sorely in need of increased protection from hackers. In some cases pricy upgrades are needed, but others rely on pure common sense. Here are some strategies to help you protect against the most common hack attacks.

Don’t Be an Easy Target

As in the real world, many crimes in the online arena are crimes of opportunity. Hackers are predators – why work hard for a kill when there are so many easy pickings available? If you’re not protecting yourself adequately, your company will pay the price.

Although the headlines often feature only the highest-profile hacks on mega-corporations, it’s much more common for small businesses to be targeted and compromised simply because they don’t have the same level of protection as their larger brethren. If you want to secure yourself against the most common attacks, you need to at least take basic measures.

A firewall is pretty much a given, as is antivirus/anti-spyware software. However, you can do a lot more on behalf of your company and your clients. For starters, you’re going to need a web application firewall (WAF) to protect your online operations the same way you protect your internal network.

From there you can consider more aggressive options like using encryption software, hiding your website’s CMS with security applications, and employing a third-party monitoring service, just for example. These measures can cost you, but likely not as much as a data breach will, and you can pick and choose the options that work best for your business.

Focus on Login Controls

One of the easiest points of ingress for hackers is often customer or employee logins. The good news is that you can do a lot to stymie hackers on this front.

Strong password requirements are a must, but you should also prompt users to change their password frequently and automatically log users out after short periods of inactivity. You can also use login software that doesn’t auto-populate fields.

If the password is wrong, don’t redisplay the username even if it was correct – clear all fields for additional login attempts and freeze the account after successive failed login attempts. Two-step verification is also becoming more popular for added security.
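The login controls described above can be sketched in a few lines of server-side code. This is an added example, not code from the original article; the class name LoginGate, the threshold of 5 failed attempts, and the 10-minute idle limit are assumptions chosen for illustration.

```python
import hashlib, hmac, os, secrets, time

MAX_FAILURES = 5         # assumed threshold; the article gives no number
IDLE_TIMEOUT = 10 * 60   # assumed idle limit in seconds
GENERIC_ERROR = "Invalid username or password."  # never says which field was wrong

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> consecutive failed attempts
        self.sessions = {}   # token -> [username, time last seen]
        self._decoy = (os.urandom(16), os.urandom(32))  # hashed for unknown names

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _kdf(password, salt))

    def login(self, username, password):
        """Return (token, None) on success, else (None, GENERIC_ERROR)."""
        salt, stored = self.users.get(username, self._decoy)
        # Always do the hash work so unknown names take as long as known ones.
        matches = hmac.compare_digest(_kdf(password, salt), stored)
        frozen = self.failures.get(username, 0) >= MAX_FAILURES
        if matches and not frozen and username in self.users:
            self.failures.pop(username, None)
            token = secrets.token_urlsafe(32)
            self.sessions[token] = [username, self.clock()]
            return token, None
        if not matches:
            self.failures[username] = self.failures.get(username, 0) + 1
        return None, GENERIC_ERROR  # same reply for bad name, bad password, frozen

    def is_frozen(self, username):
        return self.failures.get(username, 0) >= MAX_FAILURES

    def unfreeze(self, username):
        self.failures.pop(username, None)  # e.g. after a verified reset

    def whoami(self, token):
        """Return the username for a live session; expire it after inactivity."""
        entry = self.sessions.get(token)
        if entry is None or self.clock() - entry[1] > IDLE_TIMEOUT:
            self.sessions.pop(token, None)
            return None
        entry[1] = self.clock()  # activity resets the idle timer
        return entry[0]
```

A frozen account gets the same generic reply even when the correct password is supplied, so the response never confirms that a guess was right.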

Train Employees

Your protective tools are only as good as the people using them. Your password protections, for example, are worthless if users allow easy access to login information. Your firewalls can’t protect against ignorant behavior.

Training is therefore an essential element of protection. You may have software that warns network users about dangerous websites, but you also need to train them to navigate away instead of ignoring these warnings and behaving in a foolhardy manner.

Employees should also be warned against opening suspicious emails or clicking harmful links. With proper training your employees and even your customers can be taught how not to facilitate data breaches.

Hire Help

If you want to protect against hackers you may have to hire professional help. Whether you employ an on-site IT staff or you contract with third-party service providers, you should update and maintain your hardware and software regularly, monitor your network, and implement a system of alerts that warns you of suspicious activity. Early warning of hacking activity can be a very valuable protective measure.

Free and Easy Network Security Tips for Every Office

Let’s be clear up front: every business is going to have to spend some money on network security. Not only do you need to put proper protections in place to ensure you’re not an easy target for hackers, but you also have to comply with federal and state laws pertaining to privacy. If a data breach compromises private data for employees, clients, and so on, you could find yourself in serious legal hot water.

However, once you have a firewall, antivirus/antispyware software, password protection software, and extras like VPN or FTPs in place to protect your network and your data, you’ll find that there are a number of free and easy ways to ensure that the protections you paid for continue to perform as intended. Here are just a few free and easy network security tips that will benefit every business.

Go Paperless

This might not sound like a network security tip, but if documents containing sensitive information like user names and passwords get into the wrong hands, a network breach could result. Even better, going paperless actually saves you money.

If you’re not able to go completely paperless, at least make sure to shred and recycle documents appropriately, taking every precaution to ensure that data isn’t readily available to industrious dumpster divers.

Perform Updates

Software and firmware need to be updated regularly if you want to protect your network from outside threats. Most of your hardware and software will have options in the settings to automatically check for and install updates, making the process easy for you, but if you have IT staff on hand, you may want to perform these updates manually or at least get notifications when new updates are available so you can decide if you want to allow them or not.

All of the hardware that supports your network, including computers, servers, modems, routers, and so on will need firmware and driver updates to continue functioning properly and communicating with other devices on your network. Relevant software updates can ensure that you’re protected against the latest threats. Both can help to keep you protected, but only if you check regularly and perform updates as needed.

Schedule Regular Scans

With proper updates your antivirus/anti-spyware software should protect your network from viruses and other malicious code. However, it’s a good idea to schedule regular system scans to ensure that nothing suspicious has slipped through the cracks and infiltrated your network.

Require Strong Passwords

Password protection is an excellent way to keep unwanted visitors out of your network, but only if the passwords used are strong enough that hackers can’t crack them. You should therefore require employees and online users to create strong passwords.

These days passwords should have a minimum of 8-12 characters, with combinations of capital and lowercase letters, numbers, and symbols. In addition, users should make sure not to use personal information like pet names, birth dates, addresses, and so on.

One good option is to use an easy-to-remember acronym that looks like gibberish to anyone else. For example, the phrase “My 2 dogs-Fido and Spot-are 9 and 13” would become “M2d-FaS-a9a13”.
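The password rules above can be enforced when a password is created or changed. The following checker is an added example, not part of the original article; the function names, the 12-character minimum (the upper end of the stated range), and the sample personal facts are assumptions.

```python
import re
import string

MIN_LENGTH = 12  # assumption: upper end of the article's "8-12 characters"

def personal_tokens(facts):
    """Split personal facts (pet names, birth dates, addresses) into lowercase
    fragments of 3+ characters, plus a digits-only form of each fact."""
    tokens = set()
    for fact in facts:
        for part in re.findall(r"[a-z]+|\d+", fact.lower()):
            if len(part) >= 3:
                tokens.add(part)
        digits = re.sub(r"\D", "", fact)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens

def check_password(password, personal_facts=()):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    squeezed = re.sub(r"\D", "", password)  # catches dates typed with separators
    for token in sorted(personal_tokens(personal_facts)):
        if token in lowered or (token.isdigit() and token in squeezed):
            problems.append(f"contains personal information: {token}")
    return problems

# Constructed sample facts for one user: pet name, birth date, address.
SAMPLE_FACTS = ["Fido", "1984-07-21", "42 Elm Street"]
```

Short fragments such as a three-letter street name can match inside unrelated words, so a production check would tune the minimum fragment length.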

Change Passwords Frequently

It’s not enough to create strong passwords; you should also prompt users to change them on a regular basis. This will help to stop the potential threat arising from either employees who share passwords or hackers working on gaining entry to your system.

Policies and Training

All the protections in the world can’t keep you safe from ignorance and stupidity. You must therefore set clear policies for appropriate behavior when using the network and then train all employees accordingly.

These policies could include common sense activities like keeping passwords private (i.e. not sharing them with coworkers, supervisors, outsiders, or anyone else), as well as behaving in a safe and responsible manner when using company resources. Employees should be trained to avoid email from unknown senders, steer clear of dangerous websites, and avoid clicking suspicious links, just for example.

Having such policies in place and training employees to behave properly might seem like a waste of time, but it only takes one mistake and you might as well throw the doors wide open and invite hackers in. With proper hardware, software, policies, and training procedures in place, your business has the best chance of avoiding a data breach and the resulting fallout.