7 ways to keep your business safe online: Best Practices for Protecting Yourself in the Data Breach Era

We don’t want to alarm anyone, but the most recent research on cybercrime is in, and the numbers indicate that the internet is basically a swirling cesspool of criminal hacking activity. Let's put it this way - if you have an online business you're essentially wearing a suit made out of raw meat in a neighborhood swarming with ferocious dogs.

According to the 2014 US State of Cybercrime Survey which gathered evaluations from over 500 representatives from US organizations, 77% of survey respondents indicated they had detected a security event in the previous 12 months. 34% indicated the number of security events they detected in 2014 had increased from 2013. Understandably, 59% of respondents were more concerned with online security threats in 2014 than they were in 2013. We expect 2015’s eventual survey will show an even bigger increase in concern.

In 2013, the average number of security incidents per organization was 135. and a whopping 3,000 companies were completely unaware of a security intrusion until they were contacted by the FBI.

Below are seven of the best security practices to keep your business data safe online. Some are simple, some are a bit more complex, and most are a mix of human and tech-y solutions.

1. Be cautious with your emails. Email communications are a major part of any online business, and as such, they have to be an important part of your security considerations. Be cognizant of who you’re sending emails to, and eliminate the possibility of sending emails containing important or confidential information in error to non-authorized persons, by either leaving the ‘To:’ field blank or by typing gibberish in it until you are finished typing your email and are confident in the contents as well as the recipient.

2. Restrict access to personal computers. Take care to lock your computers using a strong password, and for added security, you may want to consider the use of a security token, which is a physical device that acts as an electronic key.

3. Avoid password reuse. If you want to sign yourself up for an account on cheapcheesecake.com, more power to you, but when you sign up on all of these random websites that require you to create an account, you have to be absolutely sure you are not using passwords that you’re using anywhere else. Especially passwords related to your office, your personal or work computer, your business’s website, your personal or business email, or anywhere your financial information is stored. That way, in the event that cheapcheesecake.com is ever hacked, no one will be able to link a useable password to your name, email or business.

4. Make hacking protection a priority. We doubt you missed the headlines in 2014, but in case you could use a refresher, here are some of the hackings heard ‘round the world: Home Depot had the financial information of 56 million customers stolen, JP Morgan Chase had personal information stolen from 80 million individuals and businesses, and Sony Pictures was hacked so badly in November its computer networks were crippled and embarrassing personal and financial information was leaked by the attackers for weeks. (All of those incidents & more - see here)

The problem extends far beyond the headline-making data breaches, of course. Businesses large and small across all industries have been targeted, and a recent study found that 40% of companies polled experienced some form of data breach in 2014. To protect your business and your data, consider security solutions like a web application firewall, malware detection, or professional internet security.

5. DDoS protection. DDoS attacks are not only frighteningly , they’re also frighteningly costly, with an average price tag of $40,000 per hour according to recent DDoS cost survey by Incapsula.

Additionally, DDoS attacks are often used as smokescreens for intrusions or data breaches. Without DDoS mitigation, your firewall, which is meant to protect from such attacks, can be easily overwhelmed, leaving your networks exposed and vulnerable.

6. Restrict access to the company network from home offices. These are privileges that need to be closely managed. It is in your company’s best interest to only give the ability to access the office network from outside of the office to people that are not only highly trustworthy, but who also absolutely require this access, such as people who often work from home, and people who require 24/7 access to the network for their positions.

7. Keep up with your real-world protection. As much as it may seem like internet security is a completely separate issue from actual office security, it isn’t. One of the most basic ways you can prevent unauthorized access to your computers, networks or data is by physically preventing that access. Invest in good locks for your doors, safes for your most important on-paper data, information or passwords, and security cameras.