Five Ways To Protect Your Business And Ruin A Hacker’s Day (and they’re free)

20,000 Leagues Under The Sea poster by Ken Taylor

If you’re a small business owner like me, you have a lot of company. There are about 28 million of us in the U.S. compared to about 16,000 large businesses. You’re also a favorite target for hackers because you’re the most vulnerable. You not only don’t have the budget for your own Security Operations Center, you’re lucky if you have a full-time IT manager.

Hackers who use ransomware love you because you’ll pay up. Cybercriminals who victimize you by telephone love you because you’ll fall for their various cons. Cybersecurity companies ignore you because you can’t afford their products and services. And worst of all, if a hacker empties your business checking account, your bank has the option to not restore your funds.

After spending several years struggling to make a difference in the enterprise space, I’ve decided to focus on helping the small to medium-sized business owner instead. You can learn more about our program at the 20K League website, but in the meantime, here are five free things that you can do right now to move the odds of surviving a cyber attack in your favor.

  1. Back up your data to a removable hard drive and keep it off your network.
  2. Use a web-based email client provided by your ISP or use Gmail or Outlook.com (not Yahoo).
  3. Use an enhanced security browser like Chrome.
  4. Have a separate computer exclusively used for online banking.
  5. Don’t take your work computer when you travel.

Off-line Backup Storage

Hackers who use ransomware play a numbers game. The ransoms are relatively cheap ($500 or less) and most companies pay. Small businesses almost always pay. Fortunately there’s a simple way to eliminate the threat of ransomware — off-line backups of your data.

Whatever backup service you use, be sure to copy your backup to a removable hard drive or USB stick and store it off your network. The reason for this is that ransomware will soon evolve to the point where it will not only lock down your computer but also search for your online backups and lock those down as well. You can defeat that by simply going “old school” and keeping a copy in your safe or a locked desk drawer. Then, when a hacker attempts to ransom your data, you can safely and confidently say “f--k you”.

Web-based Email

There are only two ways that you can be compromised online: email and web browsing. The worst way to open your email is by downloading it to your computer. If you open a malicious attachment on your work computer, you’re screwed. If you open it in the cloud, it becomes your ISP’s problem. They’re equipped to deal with it. You aren’t.

Enhanced Security Web Browsers

If a malicious email doesn’t contain a payload (an attachment containing malware), it will direct you to a website that looks legitimate but isn’t. By using Chrome, Epic, or other browsers with enhanced security features, your browser will protect you from most of those malicious sites.

Online Banking From A Dedicated Computer

I can’t tell you how many times I’ve seen client banking data appear on a server run by some criminal hacker group. This includes usernames and passwords not only for the small business owner’s bank account, but also for his Quickenbooks account. It can be catastrophic for you because, unlike your personal banking account, your bank isn’t obligated to restore money stolen from your business account by hackers. It is entirely at your bank’s discretion.

Here’s how to drastically reduce the risk of your online banking information falling into the wrong hands. If you have a second computer available, use it only for online banking. Do not open any emails. Do not visit any websites other than your bank’s website. Do not let anyone else use it at any time. If you only log on, conduct your banking business, and log off, you’ll be in good shape.

Travel with a Clean Kit

One of my first consulting clients was a business membership organization that suffered a serious breach. They paid upwards of six figures for incident response, and within two weeks one of their executives came back from a trip with a compromised laptop. Had we not intercepted it first, it would have re-infected the business all over again.

When you travel for business or on vacation, never take your primary laptop with you. Use an iPad, a Chromebook, or some other inexpensive device that can be easily scrubbed once you return. You have your work computer, and you have a travel computer, and never the twain shall meet.

Join the 20K League

Implement the above tips and you’ll have reduced your risk of cyber attack by an order of magnitude. Join the 20K League and you’ll have someone to call in case the worst happens. I look forward to hearing from you.