With all the headlines about massive security breaches at the IRS, major retailers and social media sites, it is easy to think of cyberattacks as a problem solely impacting large organizations.
In reality, small organizations and even individuals can be the victims of an attack. While it is practically impossible to completely eliminate the risk of cybercrime, there are several simple actions you can take to reduce the risk.
Smart Business spoke with Jim Martin, Managing Director at Cendrowski Corporate Advisors LLC, about what you and your company can do to protect yourselves.
What can a person or small business do about the threat of cyberattack?
As cyberthreats evolve, the methods of protecting individuals and businesses need to evolve as well. Cybersecurity should be an ongoing cycle to identify risks, work to mitigate that risk, monitor for intrusions and new threats, and respond and recover from actual attacks.
This needs to be an ongoing process as new threats emerge, rather than a one-time review. The same principles can be applied to a cybersecurity program for an individual or small business.
It’s critical to remember that our home and business lives are increasingly interconnected. Even if you don’t do much more on your home computer than check email and shop, you might still be downloading and storing information inadvertently.
For example, if you check your work email on a home computer, and open attachments, you likely have a history of correspondences and copies of the attached documents, even if you didn’t save the files.
Similarly, if you use your work computer to enter your bank account information to check your balance, or use a credit card for online purchases, residual data may be saved.
Most internet browsers will offer to save passwords for websites you visit and these are also stored on your machine. When you start to think about your actual use, you will likely find that the computers you access contain all sorts of sensitive data.
What about a person’s smartphone?
Phones and mobile devices also store file and password data, and should be used cautiously and protected. Also, be aware of cloud backup and sharing platforms as they can propagate files across all the devices on the same cloud account.
Your work might have a Bring Your Own Device (BYOD) policy that describes the limits of data you can access with your device, which should be followed rigorously. Your mobile devices should be configured with a passcode or other ID to prevent others from accessing data if the device is lost.
If possible, your device should be encrypted to prevent more intrusive methods of accessing your data.
What are some warning signs that should be noted?
Monitoring is a big part of any effective cybersecurity plan. It’s important to be aware of changes in the way your devices operate.
If you notice popup windows (especially those asking for password information), redirection to strange websites while you are browsing, or extremely slow processing it might mean you have malware infections.
While many of these simply push advertising, they all have the potential to do a lot of harm — or install other malware that could do harm. Anti-virus and anti-spyware programs can remove these malware applications, or a specialty computer support company can help.
Registering your anti-virus program with your email account can be helpful for monitoring and anti-virus companies send out frequent alerts about new types of attacks. Professionals who operate in high risk environments should consult with a security firm for in-depth assistance as part of a personal risk assessment.
For example, attorneys involved in high-profile litigation, attorneys involved with law enforcement or those who frequently access confidential documents at home are at greater risk.
Basic awareness of the risk of cyberattack to personal computing devices can greatly reduce the risk of an attack, and the impact should an attack occur. It is every user’s responsibility to ensure the safety and security of the data they maintain on their personal devices. ●
Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC