Protecting your business from cyber-attacks isn’t exactly a new problem, but occasionally we’re reminded of its importance by headline-making incidents such as the recent Ashley Madison hack (among others, like Target and Sony Pictures).
The hack of adultery website Ashley Madison resulted in the leak of more than 30 million accounts, including those of government and military officials as well as alleged fake female profiles — calling into question the company’s business practices. The CEO of parent company Avid Life Media, Noel Biderman, has since stepped down and hackers dumped about 30GB of his email archives online. Several class-action lawsuits have been filed in Canada and the U.S., and two suicides have been blamed on the breach.
It’s already being called one of the biggest breaches of all time. And not only big corporations are at risk. Even small businesses are on the radar of phishers, hackers and cyber-attackers. In fact, the National Cyber Security Alliance says smaller businesses have become bigger targets for cybercriminals because they tend to have fewer defenses than larger enterprises.
Despite the fact that a security breach could put you out of business, the NCSA found in a survey that 77 per cent of small businesses don’t have a formal written Internet security policy for employees; 63 per cent don’t have policies regarding how employees use social media; and only 37 per cent provide Internet safety training to employees.
First, though, it’s important to understand the risks so you can design an effective security policy and provide training for employees.
How You're at Risk:
Spam is usually associated with annoying junk email, but it can also carry viruses, spyware and other malware. By downloading malicious attachments or clicking on malicious links, you could inadvertently be letting hackers into your network, allowing them to steal data or even shut down the network (possibly through a denial-of-service attack commonly referred to as an email bomb). Hackers aren’t just motivated by money; sometimes it’s an act of revenge or activism.
Then there are phishing or social engineering attacks. Phishers (the online equivalent of con men) use fraudulent emails that appear to be from a legitimate company such as a bank, a retailer or even another division of your company. These emails are intended to trick people into sharing their personal data such as passwords and credit card account information. Phishers could then use that information for fraud or identity theft.
Tips to Keep Your Email Secure:
1. Ensure you have the latest version of a security software suite, which should include anti-virus, anti-spyware, firewall and privacy protection, as well as email scanning and filtering. Also ensure you have an email archiving system set up for compliance.
2. Content filtering lets you block attachments based on content (on both incoming and outgoing email), and it can help you stay compliant with government and industry regulations.
3. An easy way to stay up-to-date with evolving security threats is to allow for automated updates to your security software suite — so even if you don’t have a security pro on staff, you’ll still get the latest patches in real time.
4. Enable multi-factor authentication for access to your network.
5. Ensure your security software suite scans USB keys and other external devices when they’re plugged into the network, since these can contain malware. In some cases, you may want to ban their use altogether.
6. While email filters can help block spam, some will still slip through the cracks. That’s why employee education and training is so important — particularly when it comes to social engineering attacks.
7. Put this all down in a written security policy and make it available to employees. Some companies have certain employees, such as those who handle sensitive customer information, sign off on a policy.
8. If you’re feeling overwhelmed by all of this, it’s worth hiring a trusted technology partner to help you monitor and assess security threats. The Canadian government has also put together a guide for small and medium businesses on how to get cyber safe.
("Get Cyber Safe Guide for Small and Medium Businesses": this guide from the Government of Canada website says it is "designed to help Canadians who own or manage a small or medium business understand the cyber security risks they face, and provide them with practical advice on how to better protect their business and employees from cyber crime.")
Even if you’re not a high-profile company like Ashley Madison, you’re still at risk of a security breach. Getting smart about cyber-security can make you less of a target in hackers’ eyes and protect what’s most valuable to your business: your customers.
Do you have a question about email security and how to protect your business? Ask us in the comments section below.