“A brave new world of hacking for profit.” That’s what’s coming your way in 2016. At least, that’s how U.S. Attorney Preet Bharara described what’s ahead for companies, shortly after announcing the indictments of three men in the the largest cyberattack in history.
The security breach plot, which was determined to span several years, led to the theft of the data of more than 100 million people, according to an article in The New York Times. Bharara went on to say that hacking is apparently a new business model that’s being used primarily for profit.
And the impact of cyberattacks is far-reaching. No matter the size of the business, or where it’s located, the risk is there, according to Hamish Bowen of Grant Thornton in New Zealand. “High-profile security breaches are becoming more common and without a comprehensive strategy to prevent digital crime, businesses are really putting themselves in the firing line,” he said.
So, how does the small business, the mid-sized business … or even larger corporations implement security measures if the JPMorgan Chase-type institutions can’t seem to defend themselves against sophisticated security breaches?
While nothing seems to be fool-proof, you can start by minimizing your risks of vital data being stolen. Here are just 3 of the basic areas you need to check now, according to the National Cyber Security Alliance:
- Internal policy for employees. Just because employees passed background checks and perform stellarly on the job doesn’t mean they can’t put you at risk — either intentionally or unintentionally. Yet, among smaller companies, 77 percent reported not having a formal written Internet security policy for employees. Ensure that your internal team is using best practices for network security by developing a written policy.
- Require multi-factor authentication. Strengthen your security measures by requiring more than one method of authentication to access company networks.
As hackers get more aggressive, businesses need to attempt to stay a step ahead with measures that minimize the risks of intrusion. As 2016 approaches, it’s time to revisit how your policies, infrastructure, data protection, and training stack up.