10 Steps To Protect The Online Business From Cyber Attacks
Published on 2021-04-08 by Ching Chieh Li.
Hackers hide in dark corners and steal data without leaving any sign. Cyber attacks sound like something that only happens in the movies. In fact, cyber attacks happen more often, especially when everyone works from home. Some cyber fraud starts with something small, such as an unpaid fee. Then this small amount turns into a huge amount of money. Here are 10 steps to protect your business from cyber attacks.
The most common types of cyber attack
- Phishing email: The most common type of phishing email is a message from a prince or princess. Usually, he/she offers a lot of money but needs some help from the receiver in advance.
- Phishing attacks: This type of attack usually pretends to come from an organization such as a bank or a government office. Usually, it starts with a simple message, such as a small unpaid fee for using their service. When someone replies to the message, the attackers begin to reveal their intention. For example, the unpaid fee turns out to be a large amount of money, or you are told that to protect your savings you need to transfer the money to a new account.
- Man-in-the-Middle attack: In a MITM attack, the hacker sits in the middle of a communication. Neither party notices any difference, but someone is secretly in the middle and can even take the messages away without any sign.
- Spear-phishing attacks: In this type of attack, the attacker is usually disguised as a client or business partner. They know everything about the business and ask for routine things, such as the regular payment for a service.
Step 1: Back up and update your system regularly
Some attackers make use of old security breaches to get into the system. Regular updates protect your system from security exposure. You can even schedule system updates for non-working hours. Moreover, in case you lose any valuable data, you can back up data regularly and even upload it to a cloud service such as Dropbox. You can use several options, such as daily automatic backups after working hours or monthly automated backups. Sensitive data can be saved to a pen drive.
Step 2: Turn on a VPN when you connect to the public internet
Man-in-the-middle attackers usually hide behind the public internet. You can turn on a Virtual Private Network (VPN) when you use the public internet. Even if the hacker notices you, he/she cannot reach you because of the VPN. Some software provides a quick security report when you connect to the public internet. You can turn on a VPN and run a quick security check before using the public internet.
Step 3: Train your employees
Well-trained employees can spot spear-phishing attacks. Educate your team to be cautious about this type of attack and to be careful when receiving a sensitive message. Set up an incident response and recovery plan early. Also, remind them not to click on any suspicious website or pop-up.
Step 4: Turn on the protection in your browser
For double protection, you can also check the security settings in the browser. Usually, the browser offers additional protections, such as warning you when a website looks suspicious. Some browsers like Opera and Google also provide secure DNS. You can check it in the settings.
Step 5: For sensitive information, use strong passwords and change them regularly
We can add additional protection for sensitive data. For example, use strong passwords that include numbers and special characters to access sensitive data. Also, update the password every three months to protect your data. You can also use two-step verification. Besides entering the regular password, you will also be asked for an additional code sent by SMS or email before the database opens.
Step 6: Use another way to transfer the crucial information
I used to have a lockable diary when I was a kid. I felt so relieved to leave it anywhere as I had a very complicated password. Until one day, I found out that someone had read my journal. Why could he/she open it? Then I realized that I should not leave the paper with the password right next to it. We would like to avoid situations like putting the key right next to a well-locked door. Besides changing passwords regularly, use another method to transmit essential information like passwords. When you have a new employee, instead of sending the password via email, use another way to transfer it, such as an SMS message.
Step 7: Use a screen protector for personal mobile devices
We feel uncomfortable when people try to peek at our phones in public. Sometimes, this is how confidential data leaks out. Use a screen protector for your device. It is a simple piece of plastic on the screen, but it can effectively reduce the chance of others peeking at your screen. Cell phones also have a lot of applications that prevent other people from checking your mobile.
Step 8: Turn on the firewall and security systems like a WAF
Besides being careful with your outside surroundings, turning on the firewall is also essential. When was the last time you received an update report? Have you turned on the internal firewall and the web application firewall (WAF)? Does the software provide updates and apply patches?
Step 9: Conduct security and risk assessment checks regularly
The security system on the computer will conduct regular security checks and provide you with a report. In addition, several websites offer online assessments that help you avoid possible exposure.
Step 10: Use an email filter
An email filter is the last step to protect your online business. Some viruses secretly hide in emails. Google automatically filters email and moves suspicious messages into the spam folder. Do not click on any site linked from a suspicious email. If one of your clients suddenly contacts you from another, similar email account, be careful. You can contact them to confirm the authenticity of the email.
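A small check for the situation described in Step 10, where a known client suddenly writes from a similar-looking account. This is an added example, not part of the original article; the contact list, the look-alike character table and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
from email.utils import parseaddr

# Constructed address book (sample data): display name -> known-good address.
KNOWN_CONTACTS = {
    "Anna Berg": "anna.berg@northwind-supply.example",
    "Tom Ito": "tom@harbor-client.example",
}

# Digits often swapped for letters to make a domain look familiar (assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _skeleton(domain):
    """Normalize a domain so common look-alike spellings compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def check_sender(from_header, contacts=KNOWN_CONTACTS, threshold=0.85):
    """Classify a From: header as 'known', 'suspicious' or 'unknown', with a reason."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "suspicious", "unparseable sender address"
    known_addrs = {a.lower() for a in contacts.values()}
    if addr in known_addrs:
        return "known", "address matches a saved contact"
    domain = addr.rsplit("@", 1)[1]
    for known in known_addrs:
        kdomain = known.rsplit("@", 1)[1]
        if domain == kdomain:
            continue  # same organisation; the display-name check below still applies
        ratio = difflib.SequenceMatcher(None, domain, kdomain).ratio()
        if _skeleton(domain) == _skeleton(kdomain) or ratio >= threshold:
            return "suspicious", f"domain {domain} imitates {kdomain}"
    expected = contacts.get(name.strip())
    if expected and expected.lower() != addr:
        return "suspicious", f"'{name}' normally writes from {expected}"
    return "unknown", "sender is not in the address book"


if __name__ == "__main__":
    for header in ("Tom Ito <tom@harbor-client.example>",
                   "Tom Ito <tom@harbor-c1ient.example>",
                   "Anna Berg <anna.berg@mailbox.example>"):
        print(header, "->", check_sender(header))
```

A "suspicious" result is a prompt to confirm with the client through a channel you already trust, as the step advises, not proof of fraud.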
Cyber attacks happen more often when everyone works remotely. We have several ways to take preventive action. Never click on any suspicious link in your mailbox. Update and back up your system regularly to prevent security breaches. Be careful when you receive a suspicious email. With these steps, you have good protection for your online business.