You're not imagining it. Large-scale data breaches and headline-grabbing hacks have become an all-too-familiar occurrence.
In fact, just last week it was revealed that hackers hit the Madison Square Garden Company, stealing credit card information from customers who used their cards at popular entertainment venues, including Madison Square Garden, Radio City Music Hall, the Beacon Theater, the Chicago Theater and Theater at Madison Square Garden. Also last week, the personal data of over 130,000 former and current Navy sailors was stolen from a laptop.
On average, it costs upwards of a half-million dollars for a large enterprise to recover from a security breach, according to a 2015 report from Kaspersky. Small businesses can expect to pay $38,000 per breach, a serious dent in the finances of the typical mom and pop shop.
To avoid that fate, Small Business Computing interviewed cybersecurity industry expert and author Andy Malone during the Spiceworld conference in Austin, Texas, earlier this month. Here are his tips for keeping hackers and cyber-scammers at bay in 2017.
The Modern Way to Send a File
Malone is a proponent of using the file-sharing capabilities in Microsoft OneDrive, Google Drive and other cloud file storage services to keep a lid on sensitive information.
"Rather than emailing a file, maybe get into the practice of sending a link to a file," Malone said. "The problem with sending a file is that you lose control of that file." The recipient can forward the file or store it on an unprotected device, potentially placing it in the hands of unauthorized persons.
With the just-enough administration and just-in-time administration capabilities present in popular cloud file services, users can set limits on who can access shared files and for how long, he explained.
If It Ain't Broke, Fix It Anyway
Fearing major disruptions to their established ways of doing business, many companies cling to their old software. "It's the old excuse, 'It still works,'" said Malone.
"Of course it still works, but the threat landscape has evolved since then," he continued. "So, you've got to keep those systems up to date [and] patched all the time."
Fortunately, software providers are making it easier to stay up to date. "In the days of yore – i.e. a few years back – we would have big fat service packs" that would take a while to arrive, he said. Now, "the updates are coming as and when they're available."
Moving Beyond Passwords
Whenever possible, use stronger authentication technologies than simple password logins.
"Definitely, the weak link at the moment is username and password," said Malone. "The fact that we've been going for 20 or 30 years here that passwords are still being used by the vast majority of people… I think we need to take passwords out. Biometrics, I think, are a big step forward."
A password doesn't "tell me who you are, it just tells me that you know the username and password," Malone said. Solutions like Windows Hello, a biometric authentication technology available in many Windows 10 devices, place advanced security protections into the hands of average users at little to no cost.
"It used to be very, very expensive and very complex to set up," Malone said. "Now it's one of the most inexpensive things that you can do."
No Phishing Allowed
Unleash your inner cynic and also teach your team to be skeptical of emails that appear to come from vendors, colleagues and trusted business partners.
"The first thing is to recognize that not all emails from vendors like Microsoft and your bank, where they constantly want you to reconfirm your account details," are legitimate, said Malone. "A bank would never ask that kind of information, certainly not in that way."
Often, hitting the delete key is the way to go. If doubts persist, pick up the phone.
Putting Cloud Providers Under the Microscope
Take a good hard look at how the cloud companies that handle your sensitive data operate.
"As a business, you need to thoroughly vet your cloud provider and find out what kind of security they have, how is your data backed up [and] who has access to your data," said Malone. In Europe, for example, stringent data privacy regulations requiring that user data remain within the region can have a profound impact on how businesses select a cloud provider. Plan accordingly.