In soccer, both teams prepare for competition by practicing and implementing a game plan around how best to attack and defend against the opposition. This also applies to what small business owners need to do to protect themselves from cybercrime. For both, careful planning, diligent prevention and thorough strategy are essential, whether playing a sports game or protecting your business assets.
Devote time to training and practice
Before any team takes the field, all players need to study a playbook of offensive and defensive strategies; they must also put in the time to train and practice to succeed in the game. Without practice, teams are unprepared to take the field and bring home a win. In a recent study, 77 percent of small business owners believe their companies are safe from a cyber attack—even though 87 percent of those business owners don’t have a written security policy in place.
Your playbook is a company security strategy that includes a plan to train all employees in security awareness and company security policies. From mobile devices to computers, it’s important for you and your employees to understand current cyber threats, what you can do to stay safe, and which security products to employ to protect devices and their use. You should practice by regularly refreshing employee security awareness and providing annual security policy training. This training can range from a simple staff meeting to in-depth online coursework. (A great place to start is by regularly downloading and reading the McAfee Quarterly Threat Report at www.mcafee.com/us/threat-center.aspx.)
It only takes one goal to lose the game; similarly, all it takes is one employee to surf a hijacked website or click on a malicious link in a phishing e-mail to compromise a company’s intellectual property, financial data or customer data.
Ensure players are protected and have the right skill sets
No coach would let t players on the field without the proper safety equipment and physical training. For soccer, this means wearing the proper protective gear—such as shin guards—and teaching players basic passing and dribbling skills. In the security world, it’s no different. You need to make sure all devices, servers, websites and e-mails are protected with the appropriate security solution—a layered solution that protects employees regardless of their location, whether it’s from home, airports, hotels, coffee shops or local offices. Every employee must have the proper equipment to protect themselves and their devices.
Build strong team morale
The more your players think like a team, the more they will play like a team. For small to medium sized business owners (SMB), they must consistently coach their employees in the basics of good cyber hygiene such as using strong passwords to make sure their “team” is safe from harmful opponents. The stronger the password, the stronger the defense. A team is only as strong as its weakest link—every employee should understand the importance of cyber security and know the critical role he or she plays.
Know your opponents
Every player on a team should study his or her opponent prior to an important game. This involves watching game film of past games to understand the opponent’s plays, team dynamics and playing style. The same goes for the security world. To prevent an attack, the key is to understand the current trends in cybercrime and learn how to identify and defend against attacks.
Attacks can happen in a split second, with the download of an app that looks legitimate or the click of a link to an infected website. Knowing what goes on behind an attack can help you and your employees ensure important data is not put at risk.
Cyber attacks typically occur in four stages. Understanding each phase is crucial since you may not be aware an attack has occurred until it reaches the final stage. And at that point, it’s often too late.
Phase1: Initial contact
The first phase occurs when the user’s device first connects with a piece of malware or virus. This can happen by clicking on a link within an e-mail or website, downloading an attachment or app, plugging in an infected USB drive into a device, or connecting to free, public Wi-Fi at a local coffee shop.
Phase 2: Local execution
At this point, the virus or malware will scan the device looking for a gap or vulnerability in the hardware/ software. Once found, the attack has several options. For example, it can modify the administration rights, which gives the attacker full access to the entire device to use as the pleases.
Phase 3: Establish presence
A cybercriminal’s ultimate goal is to ensure the virus or malware on the infected device becomes permanent. To do so, the criminal establishes a presence that allows the malware to preserve itself on the device by replicating and saving itself in multiple locations or by using non-threatening or legitimate software names. For example, a copy can save itself to a computer’s desktop and rename itself “Cute Kitty.jpg” so the user is unaware of the lurking threat.
Phase 4: Malicious activity
In this final, but most crucial phase, the cybercriminal starts to use the device to steal identities, commit bank fraud or pilfer intellectual property from the device owner or the contacts stored in the device’s phonebook and e-mail databases. Alternatively, the cybercriminal may wreak havoc with the device, locking the keyboard, or turning off the Wi-Fi modem, or modifying the BIOS so the device won’t work until the user pays a ransom. (Unfortunately, payment doesn’t always guarantee the device will ever work properly again!)
Now that the players have all the preemptive knowledge and training they need to win, it’s time to take the field! In sports, this includes attacking on offense, stopping the opponent on defense and having a swift and skilled goalie to ensure victory. For you, this translates to deploying a layered approach to security, one that provides protection from the first phase of an attack (initial contact) through the last line of defense (antivirus).
Offense
The offensive line is Web security. Web security protects employees while they’re online surfing the Web. Web security solutions alert employees if the site they’re about to visit contains links, viruses or pieces of malware that may be harmful to their device or prevent them from visiting known hazardous sites. By being able to initially identify which sites are dangerous, you can stop the attack at the initial point of contact and, in doing so, allow employees to continue using the Web at work, free from the worry of an attack.
Defense
The defensive line is e-mail security. E-mail security scans e-mail contents and blocks phishing scams or malware that try to gain access to financial, intellectual property and identity data, and filters outbound traffic as well, preventing users from leaking sensitive and/or proprietary information. And this is big business: Of the more than 43.2 billion active e-mail clients that send 144 billion e-mails a day, about half a billion contain phishing e-mails. Proper e-mail security not only keeps these e-mails from reaching the inbox, it also keeps them away from the network, which in turn saves you from investing in additional infrastructure or bandwidth. E-mail security also aids in providing protection from the first phase of an attack (initial contact).
Goalie
In soccer, the goalie is the last line of defense. Without the goalie, the goal is left unprotected and vulnerable to attack. The goalie for your business is antivirus/firewall security. Every device that touches business data or the company network needs an antivirus/firewall security solution (aka Endpoint). Antivirus security prevents threats from viruses, worms, Trojans and other malware from exploiting vulnerabilities on the device, while firewall security blocks unwanted access/communication to and from the device, keeping confidential company information safe.
Antivirus and firewall security is the only thing keeping the cybercriminal from being able to complete the final phase of thehis attack, the malicious activity.
Most business owners believe a firewall or antivirus software is all that is required to be fully protected. Unfortunately, antivirus software and firewalls are only a small part of an overall security solution. With the growing frequency and sophistication of attacks—many involving broader, organized crime—this technology is no longer adequate. Only by implementing a layered security solution (offense: Web + defense: e-mail + goalie: antivirus and firewall) can you ensure your employee and company assets are protected.
Security should never be a second thought when it comes to small business. To protect yourself, you must remain vigilant. Knowledge, training and implementation are the keys to success in the security world and on the “security cyber field.” Know and study the opponent, practice and prepare team members for the game, and go out there with the strongest offense, defense and goalie available. In the World Cup of business, before any team steps onto the field, it must invest in pre-game preparation to keep cybercriminals from scoring the winning goal.
HAcking is a powerful technique and strong tactics against a competitor but it’s also illegal and unfair. people always find a solution against that and found different ways.