Previously, we looked at some of the less common strategies hackers and other online criminals use to gain access to business accounts and steal data and personal information. For businesses that sell online, also see Securing Your E-Commerce Site Against Cyber Threats.
Hacking prevention tips from the FBI
- Make sure your computer system uses multiple layers of security to help thwart would‑be attackers.
- Use the highest security settings on social sites and, ideally, restrict access at work to only those who must use them, such as marketing personnel or managers.
- Make sure firewalls and anti‑virus software are updated and enabled on all systems.
- Provide annual training in online security and educate employees about what company information they may and may not share.
- Require employees to change passwords regularly and prohibit reuse of former passwords.
- Monitor dataflow on your network at all times and respond to potential threats or risky employee behavior immediately.
- Implement a reporting system where employees can notify managers about potential threats or risks such as phishing or pharming.
- Review prior threats, risks, and losses and develop and implement plans to avoid similar incidents in the future.
- Develop a robust bring‑your‑own‑device (BYOD) policy and make sure to enforce it.
- Make sure employees do not use work computers to access personal accounts or networking sites.
The Internet is an important tool for companies of all sizes, and smart businesses establish protocols to identify and mitigate risks from online activity. If you want guidance on technology and insurance options, review Information Technology (IT) Insurance and Small Business Security: Physical, Electronic and Cyber Insurance Considerations to learn how coverage and security practices can work together to reduce exposure.
Frequently Asked Questions
What is phishing and how can employees recognize it?
Phishing is a fraudulent attempt to obtain sensitive information via deceptive emails or messages; employees should watch for unexpected requests for credentials, misspellings, and suspicious sender addresses.
How often should passwords be changed?
Passwords should be changed regularly according to your company's policy and whenever a compromise is detected, and employees should avoid reusing previous passwords.
What does monitoring network dataflow involve?
Monitoring involves tracking traffic patterns, unusual data transfers, and access logs so administrators can detect anomalies and respond quickly.
Why is a BYOD policy important?
A BYOD policy sets rules for personal devices used for work, reducing risk by requiring security controls, updates, and acceptable use standards.