Guest Column | June 30, 2014

4 Ways To Keep Your Customers Safe From A Cyber Attack

Marco La Vecchia, VP Channel Sales, AVG Technologies

By Marco La Vecchia, VP Channel Sales, AVG Technologies

The threat landscape has seldom been more risky for small businesses than it is today. Cyber criminals have figured out that most small businesses are holding extremely valuable customer and financial data. They also know that most small businesses are less well equipped to deal with attacks than larger enterprises.

Cyber criminals are constantly inventing new ways to breach small company defenses, often looking for data that might directly or indirectly bring them financial gain. For example, last week hackers managed to access the database of a Domino’s Pizza regional franchise in Europe. They downloaded the personal data of thousands of customers before demanding a ransom for its return. New variants of malware such as Gameover Zeus and CryptoLocker have also been making the rounds. Distributed as part of indiscriminate phishing attacks, there have been numerous cases where small businesses have fallen victim and their systems encrypted. The criminals then offered them a decryption key in exchange for a ransom.

Such ransom attacks are just one threat vector. Another insidious trend is advanced persistent threats (APT), which is malware, usually spread by spam email that is designed to run undetected in the network but can be activated at any time by the sender. And following last year’s PRISM scandal, data privacy is also a major cause for concern. Privacy for company confidential information is something that customers have the right to expect. Here we’re dealing with safety in its widest sense — covering all aspects of company data, whether it’s stored, in the network, or on the move. Small businesses and their reseller partners must take steps to protect themselves/their customers against data loss and take privacy measures to prevent data breaches. A 2013 Ponemon Institute survey revealed that 55 percent of U.S. small businesses suffered a data breach, and 53 percent of those businesses incurred multiple breaches.

The best way to help small businesses take back control of their privacy and security is to offer them a simple, integrated approach where everything that is vulnerable, from mobile phones to PCs, is managed by their trusted IT provider from the same, single cloud security console. It is natural for small businesses owners to turn to their local reseller for help and advice on these issues. With the sharks circling small business, now is an opportune moment to move into the business of offering purpose-built cloud security services.

Small businesses depend on so many devices and applications that personalized, round-the-clock management by a services provider is far more effective than attempting to do it all yourself.  If your customers are undecided about cloud security services and are still inclined to do everything themselves,  they may be surprised at just how many tasks they will need to find time for. Here are 4 tips that will help keep your customers safe from a cyber-attack:

  1. Maintain antivirus. Some people in the industry have said that email protection and antivirus is dead. That is simply not true. As ransomware shows, cyber criminals are constantly tweaking and reinventing their malware. Keeping such standard protection in place and up to date remains the best line of defense.
     
  2. Educate staff. Train your staff so they know how to spot suspicious emails and understand the dangers of clicking on unidentified images or attachments. A recent Teamviewer survey showed that 57 percent of employees opened inappropriate email attachments.
     
  3. Conduct a systems audit. Before you can be sure you are safe, you need to know exactly where all your data is stored and who has access to it. An analysis of what information the business simply cannot afford to lose and where it is stored is critical.  Only then can you encrypt and restrict access to the important stuff.
     
  4. Implement an information security policy. Adopt official operating procedures governing employees’ access to business data, use of social media in the office and passwords.