In September 2019, German IT service provider Citycomp suffered a data breach in which financial and private information belonging to all of its existing clients was exposed and published online.
It would be a nightmare for any company, but it is even more humiliating for one whose business is preventing this sort of thing from happening. Needless to say, Citycomp’s branding and financial statement are not fun to look at nearly two months later.
Throughout history, mankind has struggled with the best way to protect his assets in the physical realm. For some, it was having the biggest army; for others, the fortress that could not be stormed. Some took to the sea, others to the sky, but they all had one thing in common: they thought their way was the best to protect what they held most dear.
Companies today aren’t all that far removed from our common ancestors. They all have things they want to protect, but they also all assume they are the smartest kids in the room when it comes to protecting them.
Citycomp figured its way was the best until the moment it saw some of its most respected and powerful clients – companies like Oracle, Airbus, and Porsche – scrambling to respond as nearly 70,000 services and storage systems were published online. This was a major coup for cybercriminals. By compromising one system they gained exposure to hundreds of other networks. Despite the media coverage and drama around it, the truth is that most hackers are more likely to go after your small business than something the size of Citycomp.
Why? Because giant corporations like that have layers upon layers of protection and full-time employees waiting to hassle anyone who comes within 100 yards of their cyber-turf. Meanwhile, small businesses have very little in the way of protection and very rarely have anyone working full time in security. That equals an environment where a hacker’s chances of succeeding go way up and his cost in time and effort goes way down.
There are three steps to fortify your small business environment to try and increase your defenses against looming criminal attacks. They are:
Change passwords regularly
Your odds of staying safe skyrocket if your passwords are constantly changing. Even if a hacker does crack one password, they will usually sit and watch your system for a bit to see what is happening and what they can exploit. If you change your password during that time, they will be locked back outside. You can install software that first suggests and then demands that your employees change their passwords every few months. If they fail to comply, they will eventually be locked out of the system until they do. A password manager such as Dashlane is another option to keep passwords safe and changed on time.
Use two-factor authentication
This requires each employee to enter their standard password plus some other sort of code, sometimes sent as a text or generated on a key fob in the employee’s possession. The difference between one password and two forms of authentication is substantial and can seriously damage a criminal’s attempts to gain access.
Train employees regularly
Employees need structured, scheduled refreshers on all safety protocols for Internet security. Otherwise, that knowledge will slowly be crowded out by other training and responsibilities and end up buried deep in their brains, forgotten until something bad happens.