Cyber Security III: Protecting Your Company From Attacks
Article written by contributing author Kyle Debruhl
Whether you’re a multinational bank or a burgeoning startup just finding its footing, when your website goes down it costs you money. Your business definitely needs protection online, and realizing the threat that cyber-attacks can pose to your company can be a bit frightening, particularly if that company is just getting on its feet. Last week I wrote about some uncomplicated security measures that you can take to avoid falling prey to cyber attackers like phishers and browser hijackers. While those covered most of the ways you can protect yourself online, this article offers a few tips for employers to protect the company you love.
While IT specialists write code to protect users as much as possible, employers need to double down on educating their employees about personal security basics, such as passwords and not clicking on questionable links, when they are all trying to access and protect the same information. While it’s nice to have employees that you trust with your online presence, it’s essential to have clear-cut, explicitly stated security guidelines that are well known to employees and easily accessible for reference. They need to understand that most unauthorized access occurs because of human error. Simple guidelines that enforce updated and activated (you’d be amazed) security software on all network computers can be the difference between a secure network and a breached one. It’s key to make sure that employees understand that even personal laptops, once on the network, can become an access point for those looking to gain entrance.
Security needs to start at the most basic levels and build up from there. Make sure that anyone attempting to gain access or shut down your operation at any level meets some sort of security along the way. IT expert sources explained that a single tier of protection isn’t sufficient these days. Multi-tiered security includes physical security such as locks on your server room doors and networking closets, logical network security like virtual local area networks (VLANs), firewalls on servers as well as at the network edge, and a DMZ architecture when hosting public-facing applications, one expert explained. A DMZ architecture, for those scratching their heads, creates an isolated network that faces the public (as opposed to the internal network), adding an additional layer of protection against outside attackers. The lingo may be a bit confusing at first, but the point is clear: every place you can implement security, you should.
In addition to base-level security software, it’s important to make sure you invest in a decent data encryption service. Data encryption is easier to use now than ever before. With the plethora of companies that offer full disk encryption, it can be an important step towards protecting your company from prying eyes. Microsoft BitLocker is a simple, built-in way to enable full disk data encryption for those already using a business-class version of Windows. If you are using other versions of Windows, including the long-in-the-tooth Windows XP, it may be best to do your research and find the right encryption service for your needs. There are dozens of programs, each offering unique features and services, and some companies, like Sophos, even offer a free trial of their software online.
Another huge concern for businesses with an online presence these days is Denial of Service attacks, or DoS attacks for short. DoS attacks happen when thousands of requests are made to a site (or a file within a site) at once, resulting in an overload of the servers. DoS attacks have become much more common over the past few years and have ramped up considerably in recent months. While many of these recent large-scale DoS attacks have been the result of hacktivist groups such as the Izz ad-Din al-Qassam Cyber Fighters and Anonymous targeting sites such as Wells Fargo, JP Morgan Chase and various government sites, smaller companies with an online presence are still at risk. DoS attacks can be the result of a malicious competitor or simply a group of dissatisfied customers. One basic way to prepare yourself for a DoS attack is by adding traffic alerts on your site. By knowing exactly when your site is getting hit, you can set up firewalls to block the malicious connections and take control of the situation.
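The traffic alert described above, as an added example (not code from the article or from any product it names): a Python script that counts requests per minute for the whole site, for each client address and for each file in a web server access log, and reports every count over its limit. The Common Log Format input, the limits and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} ')

def parse(line):
    """Return (minute, client_ip, path), or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp, path = m.groups()
    try:
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return when.strftime("%Y-%m-%d %H:%M"), ip, path

def traffic_alerts(lines, site_limit, client_limit, path_limit):
    """Count requests per minute for the site, each client and each file; return counts over limit."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed lines are skipped, not counted
        minute, ip, path = rec
        counts[(minute, "site", "*")] += 1
        counts[(minute, "client", ip)] += 1
        counts[(minute, "path", path)] += 1
    limits = {"site": site_limit, "client": client_limit, "path": path_limit}
    return sorted((m, kind, key, n) for (m, kind, key), n in counts.items() if n > limits[kind])

def block_candidates(alerts):
    """Client addresses that tripped the per-client limit, for review before a firewall rule."""
    return sorted({key for _, kind, key, _ in alerts if kind == "client"})

def sample_log():
    """Constructed sample (not real traffic): a quiet minute, then a burst at one file."""
    fmt = '{ip} - - [01/Jan/2024:{t} +0000] "GET {path} HTTP/1.1" 200 512'
    quiet = [fmt.format(ip=f"192.0.2.{i}", t=f"10:00:{i:02d}", path="/index.html") for i in range(1, 6)]
    one = [fmt.format(ip="203.0.113.7", t=f"10:01:{i:02d}", path="/files/catalog.pdf") for i in range(40)]
    many = [fmt.format(ip=f"198.51.100.{i}", t=f"10:01:{i:02d}", path="/files/catalog.pdf") for i in range(1, 31)]
    return quiet + one + many + ["not a log line"]

if __name__ == "__main__":
    found = traffic_alerts(sample_log(), site_limit=60, client_limit=20, path_limit=50)
    for minute, kind, key, n in found:
        print(f"ALERT {minute} {kind}={key} requests={n}")
    print("review before blocking:", block_candidates(found))
```

In the sample, thirty of the seventy requests in the busy minute come from thirty different addresses, so only the per-file and site-wide counts reveal them; a per-client limit alone would miss that part of the burst.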
In addition to the do-it-yourself version of DoS preparation mentioned above, you can also invest in services that will help detect and prevent DoS attacks on your site. These can be expensive, ranging from a few thousand all the way into six figures, but there are a few cheaper alternatives. CloudFlare has been making a name for itself as a low-cost, high-quality DoS prevention service, earning praise from sites like Forbes and Arstechnica.com. CloudFlare’s service ranges from free (for basic protection) to a few thousand dollars a month for more performance-driven security and customer service. Just as with disk encryption, it’s important to understand your needs and budget and find the right service for you.
Keeping your business safe online is all about limiting potential vulnerabilities. The tips throughout this article will by no means guarantee your company’s safety from unauthorized access, but they will go a long way in helping to create a tougher barrier between you and those wishing to do you harm. The most important thing to remember is that while cyber security can be a bit scary to the uninformed, unauthorized access and hacking aren’t magic. They rely on weak points in your security to work, and just like protecting yourself online, an ounce of preparation is worth a pound of cure.
Do you have a tale of cyber warfare woe or a tip to prevent it? Share it below!
*AZTB is not endorsing any particular security product or method; please check with your IT specialist to determine the best cyber security for your company.