11 Ways to Protect Your Business From Cyber Criminals Professionals are on the loose, hoping to prowl through your computer networks, but they're not working for your company. Here's how to keep their hands off your firm's data.
By Robert Siciliano Edited by Dan Bova
Our biggest sale — Get unlimited access to Entrepreneur.com at an unbeatable price. Use code SAVE50 at checkout.*
Claim Offer*Offer only available to new subscribers
Opinions expressed by Entrepreneur contributors are their own.
The "bad guys" need not refer to the gangs roaming around with chains and baseball bats. These days many are geeky little waifs associated with organized cyber crime. These thugs are using their brains to find small businesses to brawl with. They want sensitive data from these companies and yours may be next.
Related: Best Practices for Employees to Protect the Company From Hackers
Protect your business from organized cyber crime rings that may include the following players:
Programmers: These skilled tech pros write and code the viruses that infect a business's computer network.
Carders: Specialists distribute and sell stolen credit and debit card data. Sometimes they transfer the data onto blank cards, then put foil on them to create duplicates.
Hackers: These intruders break into a company's PC networks via their vulnerabilities.
Social engineers: Such con artists concoct ingenious schemes to trick people into giving up personal information or visit websites that download viruses. These players represent the creative end of the crime ring.
Rogue systems providers: They run run scrupulous businesses that provide servers for cyber thieves.
Money mules: These individuals purchase things at retailers using stolen credit cards. Some launder money while others ship products.
Bosses: The head honchos of a crime ring hire the worker bees but rake in all the money.
Cyber criminals want valuable data: Social Security and credit card numbers, bank account information, email addresses, home addresses, birth dates and more. With this loot, they can take over existing accounts or open new ones to make fraudulent charges. After gathering email addresses, they can conduct phishing operations.
Hackers seek out weaknesses such as employees who are prone to fall for social-engineering scams and outdated operating systems or browsers.
Related: Beware of a New Kind of Business Identity Theft
Keeping cyber gangs at bay.
The following are tips for small businesses to take to stave off cyber crime.
1. Keep your operating systems updated and regularly patched.
2. Have a firewall plus software that opposes virus, spyware and phishing attacks.
3. Keep your browsers updated at all times with the latest version of the software.
4. Keep all system software updated.
5. Encrypt your wireless network.
6. Restrict software and set up administrative rights so that nothing can be installed on company computers without authorization.
7. Use filtering that controls access to data.
8. Block access to restricted sites with Internet filters to prevent employees and hackers from uploading data to storage clouds.
9. Remove or disable USB ports so that malicious data can't be downloaded.
10. Implement strict password policies.
11. Encrypt entire drives, folders and files.
Adopting software and hiring professionals.
Other security issues can result from scammers working on the inside or employees not being educated about the risks of bringing their own devices to work. Business owners should consult with security professionals.
By installing data-loss prevention and risk-assessment software, it's possible to monitor the entire network's activities to detect events that could lead to a data breach and detect trespassers before it occurs.
White hat hackers will search for weaknesses and try to break through them, using tactics similar to what black hat hackers use. These white hat hackers may use social engineering tricks or screen the physical security of the building for weaknesses, even during business hours. Staged attacks have been proved to succeed elsewhere, so if they work against the company during these experiments, the company will have a rude awakening.
If businesses do nothing, assuming a "nothing can happen to us" mentality, then it's only a matter time before a security hack.
Related: 4 Ways a CEO May Be Inviting a Cyber Criminal to Attack