10 Ways to Definitively Secure Your Online Business This Year
Even if you provide products or services in the real world, at least a portion of your business has a presence online.
One of the biggest concerns of running an online business is security. You have to make sure you’re in compliance with data protection laws, that your staff understand the importance of cyber security, and that your company has a plan in place if and when trouble comes.
Above all, ensuring good cybersecurity means knowing which pitfalls to avoid, and a good understanding of the threat profile of your business. This includes the realization that your employees can be a huge security risk, and that there are certain times in the business cycle where you are more vulnerable. Security is particularly important as your business grows, for instance, or when you are transitioning to a new system.
In short, don’t get complacent. You may not think you’re a target, but the statistics tell a different story.
Online Security Statistics
Cyber security isn’t just a US problem; it’s a global concern. According to the 2018 Cyber Security Survey conducted by the UK’s Department for Digital, Media, Culture, and Sport, 43 percent of businesses experienced a data breach during the previous year. The average cost of each breach is about $150 per record.
In 2018, there were more than 137.5 million new samples of malware released; only a few months into 2019, we were already finding more than 245 million new samples of malicious code. What’s more, up to 93 percent of the malware evaluated was found to be polymorphic. This means that it can alter itself to prevent detection or removal. A new attack is launched every 39 seconds.
Although business networking and databases are still primary targets for exploits, mobile computing is experiencing a rise in malicious activity. There are approximately 4 million apps available for download at the Google Play Store alone.
An internet security threat report from Symantec found that there are more than 24,000 malicious apps blocked on mobile phones each day. Mobile use also accounts for about 60 percent of cyber fraud cases. Of all devices that were targeted for exploit last year, half were reinfected again.
10 Steps to a Safer Online Business Environment
US law enforcement and agencies in other nations are doing what they can to halt cyber crime. The rest is up to us. Online security covers everything from protecting network access to ensuring that all elements of your digital marketing campaigns are secure.
The biggest risks to your company come from:
- Internet-based attacks from malware, spyware, and viruses
- Human error via weak passwords and lost or misplaced devices
- Systematic and software flaws and vulnerabilities
- Systematic and software subversion
The good news is, there are a number of proven ways that you can protect customer and employee data. It only takes a little time, knowledge, and prioritizing to harden access and prevent your company from being exploited by internal and external threats.
1. Be Aware of the Problem
Complacency may be the number one threat to your business, whether from lack of education or preparation. The first step toward securing your online business is realizing that you’re a target.
2. Control Access
Traditionally, all business was conducted online, in an office. With the rise of mobile computing and BYOD, that dynamic has changed. Even texting is becoming as much a business activity as a social communications platform.
This makes access control a much more urgent concern. If you’re unwilling to limit BYOD policies for employees, make sure that you use secure business cloud storage providers, and that you protect your network using the following basic steps:
- Restricting physical access to on-premises devices and networks
- Limiting network access to authorized users
- Using application controls to limit access to databases and services
- Using a VPN on all networks and connected devices
- Limiting what information can be saved and stored, and controlling where it is stored
- Prohibiting certain types of emails and attachments through filters
- Prohibiting use of public networks outside the office
- Changing WP login information from the default
3. Use Encryption
Authentication and encryption should be allied to access controls through password managers or 2F authentication and using a unique login for each account. Your domain should be protected using the latest SSL encryption standard. Make sure that your certification is updated and renewed to avoid lapses.
4. Make a Plan
Awareness means nothing if it isn’t followed by action. Perform a thorough security audit of your company and networks to discover your level of risk, particularly when it comes to the security of your internal communications.
Once you know where you’re vulnerable, take measures to reduce risk. This includes creating a comprehensive cyber security prevention and mitigation plan, educating existing staff and vendors on security protocols, and onboarding new hires with safety in mind. You should also have a backup and restoration plan in place to respond quickly to incidents, reduce downtime, and contain damage.
5. Use a Properly Configured Firewall
Properly configured firewalls are the first line of defense against network penetration. Make sure to clearly define rules and permissions, and update the firmware as indicated. This is a particularly important part of securing your business website when it first goes live.
6. Install Antivirus/Malware/Spyware Protection
These applications detect and remove any malicious codes that tries to enter your system. Make sure to configure them for automatic updates so you always have an up-to-date database for defense against the new threats that emerge daily.
7. Monitor Your Networks
Antivirus and malware protection are fine, but they often detect threats after an attempt. You also need to make sure that your system is monitored around the clock, in real time. There are a number of intrusion detection applications available for enterprises that perform this function and send email or text alerts. Many hosting services also offer system monitoring as an added feature.
8. Choose Hosting That Includes Security Features
You’re doing your part to protect your interests. Make sure that any outside service providers are doing theirs. Avoid cheap or free hosting, which often comes with hidden costs and risks. Before signing any contracts with a hosting company:
- Ask them about data collection, storage, and sharing policies
- Get any data retention promises or downtime guarantees in writing as part of your service level agreement (SLA)
- Choose hosts that offer the latest in encryption, DNS leak protection, and SSL authentication
9. Keep Everything Updated
We’ve already mentioned firmware and antivirus updates. It’s also important to keep your hardware, OS, and security protocols updated. Older systems are often unsupported, so it pays to upgrade. Often overlooked are the problems of service gaps caused by contracts that don’t renew automatically or billing errors.
Another commonly overlooked routine is security auditing. This isn’t a one and done security measure. You should reevaluate and update your cyber security planning and mitigation on a regular basis to keep on top of emerging threats and lapses.
10. Backup All of Your Databases
In the event of a breach, whether accidental or as the result of an attack, you want to limit your down time and get up and running again as soon as possible. That means performing regular system backups and using secure on-premises storage for your most sensitive data. That way, you’ll be able to restore functionality and get back to business sooner, which improves efficiency and productivity. It also limits the loss of revenue, resources, and reputation.
As technology advances, we have more opportunities to conduct business in a safe, secure environment. Unfortunately, the bad guys have technology on their side, too; 90 percent of hackers use encryption to avoid detection and capture; only 12 percent of cyber criminals are ever caught.
You’ll reduce the chances of becoming another statistic with knowledge and preparation. When you take away the element of surprise, you take away one of the cyber criminals’ biggest advantages. Having robust cyber security in place frees your time – and your mind – for business building and development.