News sites across the internet, as well as local media, informed us that 1.2 billion usernames and passwords were stolen by an internet crime group located in a small city in south-central Russia. In addition to the usernames and passwords, over 500 million email addresses were also stolen and confidential material was obtained from 420,000 websites. The websites that were hacked included Fortune 500 companies as well as small internet sites.
The record theft was discovered by Hold Security, an internet security firm in Milwaukee, Wisconsin, and corroborated by 2 other security firms. Many of the sites that were hacked are still unaware of it and vulnerable. The numbers are mind-numbing, and they raise the question of what network security measures small businesses should take, especially if the owner is not very technical. Even for the non-technical business owner, there are a number of steps worth taking to protect against this kind of theft.
Password Protection: When was the last time you changed your website’s password? If it’s been more than 90 days, this is the first and easiest step you can take. In an earlier post, I outlined password best practices users can utilize, and they will serve business owners well too (see http://220.127.116.11/~wiseinsu/avoid-identity-theft-password-practices/).
Web Hosting Company: Talk with your web hosting company to see what measures they have in place to keep your site secure. In addition, ask what tools they would recommend you put on your site to add another layer of security. They should know what works well and what doesn’t.
Security Suites: Most of us are accustomed to having some type of anti-virus protection on our PCs. There are a number of great products available including Norton, Kaspersky, Trend Micro, McAfee, and others. Many of them offer security suites that are available to run on your server too.
WordPress Plugins: If your website is built on a WordPress platform, there are a number of security plugins available from WordPress and other developers. Popular plugins include iThemes, Wordfence, All in One WP Security & Firewall, and others. Some are free, and some have a cost.
Security Analyst: Even small businesses have data they want to lock down like the gold in Fort Knox. If this describes you, hire a security analyst to conduct an audit of your website, and then implement their recommendations. I would also suggest taking this a step further and having them conduct audits at regular intervals.
Even if you implement some or all of these steps, there is no such thing as an ironclad guarantee. A dedicated group of hackers can still penetrate the best defense, which makes it vitally important that you have cyber liability insurance (see http://18.104.22.168/~wiseinsu/cyber-liability-insurance-small-businesses/) and a data breach response plan (see http://22.214.171.124/~wiseinsu/data-breach-response-plan/).
What network security measures are you taking? Share them with us in the comments section of our blog or on our Google+ and Facebook pages. I’d love to know what you’re doing!