Summer 2017 may go down in the record books as one of the most dangerous periods to be a computer user.
The industry is currently reeling from weaponized exploit kits, which were leaked from the U.S. National Security Agency (NSA) earlier this year. What were once spying tools are now being used to spread waves of debilitating ransomware across the globe.
More than mere nuisances, last month’s WannaCry outbreak and the recent Petya attacks are having a devastating effect on many businesses. In the U.K., WannaCry shut down hospital systems, affecting patient care and health records retrieval in some cases.
Although the scale of recent cyber-attacks is worrying, there are steps small business owners can take to prevent another WannaCry or Petya from taking their precious data hostage. Kevin Cardwell, a computer security architect and Udemy instructor, shared some of his security tips with Small Business Computing.
With a number of U.S. Department of Defense projects and several consulting stints for companies and government agencies under his belt, he knows how hackers think. Below are Cardwell’s tips for keeping your small business safe this summer and beyond.
Ignorance is not bliss
To hook a big fish, it’s common for hackers to cast a net that ensnares much smaller fish.
“Many small businesses don’t think they’re going to be targeted by hackers, but they represent a way for hackers to get access to larger companies,” stated Cardwell. “It’s the principle of attacking the weakest link, and in most cases, that’s the small business. Anyone you work with could also be attacked through their network.”
Not only should small business owners take this to heart, they should arm themselves against the inevitability of being targeted. Luckily, putting up an effective defense is very attainable.
Encouragingly, Cardwell noted that “the majority of cyber-attacks against small businesses are not sophisticated. There are fundamental security controls that anyone can deploy to mitigate most attacks.”
Safeguard against basic threats
Need a place to start? Cardwell provides this handy checklist:
• Use application whitelisting to help prevent malicious software and unapproved programs from running
• Patch applications such as Flash, web browsers, Microsoft Office, Java and PDF viewers
• Patch operating systems
• Restrict administrative privileges to operating systems and applications based on user duties
And here’s a rule of thumb that can help small businesses avoid many common threats to their networks.
“In general, a simple defense tactic anyone can implement is to not allow your servers to initiate connections with the internet,” said Cardwell. “A server is designed to receive connections, and not initiate them. Any deviation from this should signal that your system is being penetrated.”
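One way to check for the deviation described above, as an added example that is not from Cardwell or the original article: a short Python script that scans new-connection records and flags any connection a server initiates to an address outside the internal network. The log format, the server and internal addresses, and the approved-egress list are all constructed assumptions for illustration.

```python
import ipaddress

# Assumptions for this sketch: server addresses, internal ranges and the
# approved-egress list are site-specific values you would maintain yourself.
SERVERS = {ipaddress.ip_address(a) for a in ("10.0.10.5", "10.0.10.6")}
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
APPROVED_EGRESS = {(ipaddress.ip_address("203.0.113.10"), 443)}  # e.g. an update proxy

# Constructed sample: one record per NEW connection, formatted as
# "time initiator_ip initiator_port responder_ip responder_port"
SAMPLE_LOG = """\
2017-07-01T09:00:01 10.0.20.44 51512 10.0.10.5 443
2017-07-01T09:00:07 10.0.10.5 49200 10.0.10.6 5432
2017-07-01T09:01:15 10.0.10.5 49877 203.0.113.10 443
2017-07-01T09:02:30 10.0.10.6 50123 198.51.100.77 8080
garbled line
2017-07-01T09:03:02 10.0.20.44 51600 198.51.100.20 443
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def find_server_egress(log_text):
    """Return (alerts, skipped): server-initiated internet connections
    and the lines that could not be parsed."""
    alerts, skipped = [], []
    for line in log_text.splitlines():
        try:
            ts, src, _sport, dst, dport = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped.append(line)  # keep malformed records for review
            continue
        if src not in SERVERS or is_internal(dst):
            continue  # workstation traffic, or a server talking inside the network
        if (dst, dport) in APPROVED_EGRESS:
            continue  # explicitly permitted outbound destination
        alerts.append((ts, str(src), str(dst), dport))
    return alerts, skipped

if __name__ == "__main__":
    alerts, skipped = find_server_egress(SAMPLE_LOG)
    for ts, src, dst, dport in alerts:
        print(f"ALERT {ts}: server {src} initiated connection to {dst}:{dport}")
    print(f"{len(skipped)} line(s) could not be parsed")
```

On the sample data only the 09:02:30 record is flagged; the same rule enforced as a default-deny outbound firewall policy for server subnets blocks the connection as well as reporting it.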
Segment and isolate
While employee education is vital, small businesses shouldn’t bank on it to keep their systems safe.
“Employees are your weakest security link. Even with the correct network security protocol, your employees can still be fooled by hackers,” said Cardwell. “These sorts of attacks usually involve an employee clicking on something, not just once, but multiple times.”
Cardwell recommends a tactic he learned in the U.S. Navy called “Segmentation and Isolation” when dealing with click-happy employees.
“Segmentation and Isolation means designing your network so that when one employee’s computer is compromised, you can isolate the infection to just that one machine. If you can contain a cyber-attack to just one machine, you have a success on your hands,” he said.
“Think about cyber security like disease prevention. Your goal as a small business owner is to prevent the spread of disease from patient zero,” added Cardwell.