Cyber Security 101: A Guide to Protecting Your Business Online
Business owners often cringe when they hear "cyber security" because it sounds complicated.
But, it doesn’t have to be.
In this article, we’ll explain what cyber security is all about, why you should take it seriously, and how you can protect your company’s important and sensitive information.
Let’s get started…
What Is Cyber Security
Cyber security is the practice of protecting computer systems (computers, servers, mobile devices, networks, programs and the data they hold) from theft, damage, unauthorised access and disruption of service.
It is also called information technology security or electronic information security, or simply information security.
Another simple definition for cyber security is that it’s the protection of internet-connected systems, including hardware, software and data, from digital attacks.
Why You Should Care About Cyber Security
According to a report by HP, nearly half of New Zealand businesses aren't prepared for a cyber attack.
The reality is that more than 70% of small and medium businesses have been targeted by a cyber attack. The scary part is that most of them don't even know they've been attacked, or worse, breached, meaning someone was able to access confidential and sensitive information about the business.
Now, you’re probably asking…
What Happens When You Get Hacked
There's not really a straightforward answer to this question, because there are different types of hacking.
For instance, it can be as simple as someone posting a tweet from your business account saying "I got hacked by (blank)."
Or it can be very serious, like malware that encrypts all your files so you can no longer open them. The attacker then demands a large payment in exchange for the decryption key that would give you access back, and paying is no guarantee that you'll receive it, which is why tested, offline backups matter.
This is ransomware. It's one of the most common types of cyber attack, which we'll cover below.
Another type of hacking with bigger repercussions is when personal information is leaked. This includes social media details, home addresses and job information, as happened in the PDL data breach.
Because when personal data is leaked, we're now talking about your physical security. If hackers get hold of your internet banking credentials, it's your money that's at risk, and money can be earned back. When your physical safety is at risk, lives are at stake.
Consider the effects of these actions on your business:
Problem 1: Without access to your data, your organization stops working.
If you and your employees can't connect to the internet or access your data, work grinds to a halt.
Problem 2: If organizational data is breached or stolen, it can cost a huge amount of money and damage your reputation with your customers.
It's only the first quarter of 2019, and this kind of news shows no sign of stopping.
Costs of Cyber Attacks You’re Probably Not Aware Of
When your business is involved in a data breach, two things happen:
- You lose revenues
- You spend more
The first downside of getting breached is that you lose the trust of your customers (and would-be customers). This leads to lost revenue for your business. On top of that, you have to spend more to recover what was lost, in salaries and fees, not to mention the penalties you may have to pay.
Lost revenue plus added costs puts a big dent in your company's profitability. And if you're a small company without deep pockets, a cyber attack might put you out of business.
According to one report, over 60% of SMBs close shop within 6 months of a data breach, and a breach costs a business $200,000 on average, including lost business, regulatory fines and remediation costs.
The question you should be asking now is, “are you prepared for a cyber attack?” If your answer is not a definite yes, then you can benefit from our free cyber security assessment.
7 Crucial Areas of Cyber Security You Need to Consider in Your Business
Ensuring cyber security requires the coordination of efforts throughout an information system, which includes the following categories:
- Network security is the process of securing a computer network from intruders, from both direct and indirect attacks.
- Application security focuses on keeping software and devices free of threats. A compromised application can expose the data of its users (and of your business).
- Information security protects the integrity and privacy of data, both in storage and in transit. This includes protecting your backups as well.
- Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
- Disaster recovery and business continuity dictate how your business gets back on its feet and restores operations after a disaster or a security breach that causes data loss.
- End-user education addresses the most unpredictable cyber security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Phishing attacks are the most common threat your staff should be knowledgeable about.
- Leadership commitment is the key to the successful implementation of any cyber security project. Without it, it is very difficult to establish, implement and maintain effective processes.
One of the most problematic elements of cyber security is the constantly evolving nature of security risks. It's also one reason there's a shortage of talent in the industry.
And it's the main reason you should have a reliable IT partner to stay on top of all these changes.
Two Additional Areas of Cyber Security No One Is Talking About
1. Mobile security
Modern businesses are powered by a mobile workforce. As a business owner, you’re always on the go. You’re with your phone 24/7, talking to your customers, chatting with your team, accessing files and emails, and much more.
That’s why it’s vital that you keep your phone (and your employee’s devices) protected — both physically and digitally.
Start by adding a password or passcode to your devices; surprisingly, many people still don't, for convenience. Also consider using a VPN, especially when connecting your device to public Wi-Fi.
There have been cases where personal devices were the cause of security breaches. Even without any malicious intent, an employee who plugs in a personal USB drive to take some documents home for the weekend can be the reason your business gets hacked.
2. Internet-of-things (IoT) security
Technology is continuously making our lives easier and simpler. And it definitely is invading our homes and offices — from as simple as an automatic garage door opener, to the temperature control in your living room, to speakers that can play music and even make orders online; or smart printers where you just send an email to a specific address and it prints out automatically, or programmable coffee machines.
All these are conveniences brought about by technology.
However, they are not without risks. Unlike your computers, IoT devices usually can't run antivirus software as a first line of defense, so their security rests on the firmware the manufacturer ships and the settings you leave them with.
If a device is running outdated firmware or still has its factory default password, an attacker can get in and often move on to other devices on the same network. They can watch you through your own CCTV, listen through your speakers, and do most of the things you see in movies.
That's why it's important to keep yourself protected. The best way to do this is to update your software/firmware promptly, change every default password, and where possible keep IoT devices on a separate network from your business computers.
For more tips on how to protect yourself, read this article on how to avoid getting hacked.
3 Pillars of Cyber Security You Need to Focus On
If you’re keen on understanding and implementing cyber security for your business, there are three areas (or pillars) you need to look into: people, processes and technology.
This three-pronged approach helps organisations defend themselves from both organised attacks and common internal threats, such as accidental breaches and human error.
Technology encompasses both software and hardware. The most common one you're probably using is antivirus software. But, as you may already know, no technology is perfect, and some attacks will slip through the cracks. That's why the other two pillars are important.
Processes are your policies and how your company deals with online security and protection. This includes:
- How you protect and backup your data,
- BYOD policies (Bring Your Own Device),
- What you do in the event of a breach, and
- How you communicate cyber security to your staff
According to one study, people play a part in 96% of all breaches. Without continuous education on best practices, your organisation could be next. Learn the most common targets in your organisation and how you can avoid them.
And if you’re looking at something you can do today to protect yourself, you can enroll in our 4-day email course on passwords below. In this series, you’ll learn exactly how “secure” your password is and what you should do to keep them safe.
Most Common Cyber Security Threats to Your Business
1. Malware
Malware, short for malicious software, is any software designed to gain unauthorized access to a computer or to cause damage to it. It's the general term that covers viruses, trojans, spyware and the rest.
2. Ransomware
Ransomware is a type of malware designed to extort money by blocking access to files or whole computers, usually by encrypting them, until a ransom is paid. This is the example we described above. In one recent attack, ransomware has already cost the affected company over $40m.
3. Social Engineering
Social engineering is a tactic that manipulates a person into disclosing sensitive information such as passwords and credit card numbers, or into taking an action such as paying an invoice, usually by impersonating someone they trust. The most common example involves someone posing as the CEO and emailing the accounting/finance department to transfer money to a "supplier." A phone call to the CEO on a number you already know, not one given in the email, is usually enough to catch it.
4. Phishing
Phishing is the practice of sending fraudulent emails (or messages on any other platform, such as SMS or phone calls) that resemble messages from reputable sources, with the intention of stealing sensitive data like credit card numbers and login details.
7 Most Common Cyber Security Terms You Need to Know
Apart from the most common threats you may face in your business, there are other cyber security terms you need to be familiar with. These terms are often in news sites. A better understanding will greatly help you reduce the risks to you and your business.
1. Vulnerability
A vulnerability is a weakness in design, implementation, operation or internal control that an attacker can exploit.
Remember the 3 pillars of cyber security above? A weakness in any of them counts. If your technology isn't kept up to date, for example, a known flaw in unpatched software gives a hacker an easy way into your systems.
2. Denial-of-service (DoS)
DoS attacks are designed to make a computer or network resource unavailable to its intended users.
This is what happened to Toyota last February, when staff couldn't access their email for days.
3. Spoofing
Spoofing is the act of masquerading as a valid entity by falsifying data (a sender address, a display name, a caller ID, a website) in order to gain access to information or resources you would otherwise be refused.
Spoofing and phishing usually go together: spoofing is the disguise, and phishing is the attack that uses it. You wouldn't knowingly download malware, but if an email that appears to come from your lawyer says your business is being sued, you will most likely click the link, and that click leads to a download of some sort of malware.
4. Adware
Adware is software, sometimes malicious and sometimes merely unwanted, that hides on your device and displays advertisements. Some adware also monitors your behaviour online so it can target you with specific ads.
A common sign that you have adware is when your browser’s homepage changes into something else, i.e. when you open it, a website automatically loads instead of your default page.
5. Spyware
Spyware is a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank details and passwords.
One example of spyware is a keystroke logger, or keylogger (see below).
6. Keylogger
Keyloggers secretly record what you type on your computers and devices. Some employers use keyloggers to monitor employees, but cybercriminals use them too.
Used openly, they can track productivity and what people do; used maliciously, they capture credit card numbers, passwords and other sensitive data as they are typed.
7. Trojan
Trojans are programs that claim to do A but do B instead. They arrive as attachments, downloads, and fake videos or programs.
The name comes from Greek mythology: like the wooden horse, a trojan gets into your system by promising one thing (an offering to Athena) while letting the hacker do another (getting inside Troy).
Top Cyber Security Tips to Protect Your Business
There are two ways to protect your business from cyber attacks. The first one is to stop believing in these cyber security myths. Check out myth #4 as this alone is enough to convince you to start taking cyber security seriously.
The other way to protect yourself is to be more proactive about protecting your data and other sensitive information. Here are 21 tips you can do to protect yourself from cyber attacks:
- General Tips
- Use a password/passcode on your devices
- Don’t use the same password across your accounts
- Use multi-factor authentication (MFA) whenever possible
- Don’t click on any link/download files from people you don’t trust
- Use antivirus software on every device
- Upgrade your software/firmware when possible
- When connecting to the internet
- Use a VPN
- Always logout of your accounts if you’re sharing your computer/public computer
- Permanently delete all the files you downloaded in public computers
- While traveling
- Avoid online banking
- Connect only to trusted networks, if possible
- Use your own internet connection, like your phone’s data/pocket wifi vs a public wifi
- At home
- Use a strong password
- Upgrade your router’s firmware
- Upgrade any IoT device (Google Home, Alexa, HomePod, etc.)
- Change the credentials of your router’s admin section
- Buying something on the internet
- Look for the padlock/HTTPS in the address bar, and remember it only means the connection is encrypted, not that the site itself is trustworthy
- Buy only from trusted sites
- Using email
- If someone asks you to wire some money to a certain account, run away the other direction
- If the email asks you to click on a link and asks for your username AND password, don’t do it.
- Check if the person/company who sent the email is really who they are
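The spoofing entry above and the email tips in this list both come down to one question: does this message really come from who it claims to? The script below is an added example, not code from the original article, that applies a handful of those checks to three constructed sample emails: a look-alike domain with a mismatched Reply-To (CEO fraud), a display name pretending to be an internal address with failed SPF/DMARC (credential phishing), and a clean internal message. The domain example.co.nz, the lure phrases and the messages themselves are assumptions made up for the example; a real deployment would feed it messages from your mail gateway.

```python
"""Heuristic checks for spoofed and phishing-style email (added example, not code from
the original article). The domain, lure phrases and sample messages are constructed."""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.co.nz"}  # assumption: the domain this business owns
WIRE_PHRASES = ("wire transfer", "transfer funds", "urgent payment", "new supplier", "bank account")
CREDENTIAL_PHRASES = ("username and password", "verify your account", "confirm your password")


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an email address ('' if there is none)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def plain_text(msg) -> str:
    """First text/plain part of the message, lower-cased ('' if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace").lower()
    return ""


def check_email(raw: str) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(from_addr)
    reply_dom = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    return_dom = domain_of(parseaddr(str(msg.get("Return-Path", "")))[1])

    # 1. Display name carries an address from another domain: "ceo@example.co.nz" <x@gmail.com>
    if "@" in display and domain_of(display) != from_dom:
        findings.append(f"display name claims {domain_of(display)} but address is {from_dom}")
    # 2. Sender domain is a near miss of a domain we own.
    for own in INTERNAL_DOMAINS:
        if from_dom != own and 0 < edit_distance(from_dom, own) <= 2:
            findings.append(f"sender domain {from_dom} looks like {own}")
    # 3. Replies would go somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # 4. Envelope sender differs from header From. Normal for mailing lists and some
    #    SaaS senders, so a signal rather than proof.
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")
    # 5. The receiving mail server's own SPF/DKIM/DMARC verdict, if it recorded one.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} failed according to Authentication-Results")
    # 6. Lure content: move money, or hand over credentials via a link.
    text = plain_text(msg)
    if any(p in text for p in WIRE_PHRASES):
        findings.append("body asks to move money")
    if any(p in text for p in CREDENTIAL_PHRASES) and "http" in text:
        findings.append("body asks for credentials via a link")
    return findings


# Constructed sample messages (not real mail).
CEO_FRAUD = """From: "Sarah Jones (CEO)" <sarah.jones@examp1e.co.nz>
Reply-To: sarah.jones.ceo@gmail.com
Return-Path: <bounce@examp1e.co.nz>
Authentication-Results: mx.example.co.nz; spf=pass smtp.mailfrom=examp1e.co.nz; dkim=none; dmarc=none
Content-Type: text/plain; charset="utf-8"

Hi, I'm stuck in meetings all day. Please wire transfer $12,400 to our new supplier today. Sarah
"""
CREDENTIAL_PHISH = """From: "it-support@example.co.nz" <alerts@mail-secure-login.example.net>
Return-Path: <bounce@mail-secure-login.example.net>
Authentication-Results: mx.example.co.nz; spf=fail smtp.mailfrom=mail-secure-login.example.net; dmarc=fail
Content-Type: text/plain; charset="utf-8"

Your mailbox is full. Confirm your username and password at http://mail-secure-login.example.net/login today.
"""
LEGITIMATE = """From: Sarah Jones <sarah.jones@example.co.nz>
Return-Path: <sarah.jones@example.co.nz>
Authentication-Results: mx.example.co.nz; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice for the March stationery order.
"""

if __name__ == "__main__":
    for name, sample in [("CEO fraud", CEO_FRAUD), ("credential phish", CREDENTIAL_PHISH), ("legitimate", LEGITIMATE)]:
        print(f"{name}: {check_email(sample) or ['no findings']}")
```

Run it and it prints the findings for each sample. None of these checks is proof on its own (a Return-Path that differs from the From address is routine for newsletters and mailing lists), so treat a hit as a prompt to verify the sender out of band, for example by phoning a number you already have, which is exactly what the email tips above recommend.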
We strongly recommend continuous learning for you and your organization. Luckily, we created a 4-day email series on how to protect yourself online. This first topic is all about passwords.
Frequently Asked Questions
What is cyber security?
Cyber security is the protection of internet-connected systems, including hardware, software and data, from digital attacks.
Why should I care about cyber security?
Apart from losing your customers' trust, one estimate puts the average cost of a data breach at 5.75 million NZD. Most companies don't recover from a breach.
Do I need to worry about cyber security?
Yes. More than 70% of SMBs have been targeted by a cyber attack, yet most of them don't even know it.
What are the 3 pillars of cyber security?
The 3 pillars of cyber security cover technology, people, and processes. It helps organisations defend themselves from both organised attacks and common internal threats, such as accidental breaches and human error.
What is network security?
Network security is the process of securing a computer network from intruders, from both direct and indirect attacks.