Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

5 Tips to Protect Your Business from Cybercrime

Cybersecurity is the practice of protecting access to data and devices on a computer network. The goal is to protect a business or organization from unauthorized access. Cybercriminals are experts at finding ways into these protected systems and exploiting the information they find. Many people believe cybercriminals only target large businesses, but the truth is that any business, no matter the size, can become a potential target.

The dangers of poor cybersecurity can go well beyond financial losses. Malware can erase entire systems, alter files, steal credit card and other identity information, and a lot more. The best way to protect your business from cybercrime is to learn about it and create a cybersecurity mitigation plan. Below are five tips to help protect your business from cybercrime.

Understanding the Threat 

Cybercrime is considered any crime that occurs online. Cybercriminals target computer networks, devices, software, and operating systems. The primary way for attackers to infect a system is with malware. Once the malware has infected a system, it begins to collect passwords for software and websites you and your employees visit. Once this data is collected, it is sent to cybercriminals who use the information to steal money, data, or to gain further access into a system.

The primary reason cybercriminals target a business is to steal money. Always protect business and client financial data by using secure payment systems like ACH processing. Examples of cybercrime include email and internet fraud, identity theft, financial and credit card theft, theft of corporate data, and cyber extortion using ransomware.

The methods used to gain access into a system vary, but usually involve viruses or malware. A business may also be attacked using a technique called denial of service (DoS) which overloads a website's connections until the system fails or the attacker gains entry. Most cyber-attacks are sophisticated and can be difficult to prevent. The best way to prevent an attack is to have a company-wide cybersecurity plan.

1. Create a Plan 

While most small businesses don’t have the resources for an on-staff cybersecurity expert, that shouldn’t stop you from creating a plan and developing processes and procedures to protect your business from cyber threats. A cybersecurity plan starts with the implementation of best practices to help protect a business from both external and internal threats. Once you develop a plan, always be aware that it must be adapted to counter new and emerging threats.

External threat protection can be implemented with tools that protect endpoints. These tools include antivirus software, virtual private networks (VPNs), and firewalls. Every business should have these tools in place, and they should be properly configured.

Internal threats require policies and procedures that detail proper network access and the use of technology within an organization. Remote workers needing network access may complicate security, making it necessary to install VPNs to allow secure access. Many companies have switched to cloud-hosted services that allow for secure access and distributed networks. Whether your system is hosted or locally managed, be sure that safeguards are in place to protect your business and employees from cyber threats.

AS Sep 22. Backup Data 

Regular backups should be a part of every business cybersecurity plan. There are several options for backing up data, including local and online backup solutions. Data backup is considered mission-critical for disaster recovery. Every business should develop, implement, and maintain a complete data backup strategy. Part of your plan should consider the growth of data. A backup solution should be secure, but also allow for growth.

There are many backup storage options available, from tapes, to drives, to cloud solutions. No matter what you choose, be sure the solution is secure and available in the event of a disaster.

 3. Secure Your Network 

The easiest way into a system is by finding the weakest link. Typically, the weak link is the endpoints. An endpoint is where a network starts or ends. Many internet-connected devices, such as routers and modems, are improperly configured and not kept up to date. These often-neglected devices provide an easy way into a system.

Endpoint security protects data and devices as they connect to a network. Endpoint protection monitors data as it enters or leaves a system. Access is monitored, logged, and checked for unsafe or unauthorized access. If a malware or intrusion attempt is caught before entering or leaving your system, you may stop a crime before any damage occurs. Endpoint protection systems are available for cloud and server applications, which are scalable and easy to implement with existing computer architectures. To help protect your business, never overlook endpoint protection.

4. Schedule Updates 

Regular updates should be a part of every security plan. Computers, network devices, mobile devices, and anything that connects to a network should always be kept up to date. Keeping software and devices up to date is a critical part of cybersecurity. When attacking a system, a cybercriminal will target vulnerabilities in devices, but also operating systems and software. If access cannot be gained through the operating system, then the attack turns to out-of-date software.

Modern operating systems, including MacOS, Windows, Linux, and Android, publish regular updates that should always be applied. Automating updates is a good solution, but system administrators should always make sure updates are being properly applied.

Software should also be routinely checked for updates and upgrades. Nothing should be left to chance, and any device including mobiles and tablets with software and operating systems should always be kept up to date.

5. Install Security Software 

There are many affordable security software suites available for most any system. A security suite will offer more tools to help manage security on a system. These include antivirus, firewall, browsing, and malware protection.

Antivirus and malware software needs to be updated often as new and emerging threats arise. Firewalls are not updated as often but must be properly configured to work. Security suites allow for protection against multiple threats, but each piece of software can also be installed separately as well. No matter what approach you take, be sure to configure the software properly and keep everything up to date.

Aaron Smith
Aaron Smith
Aaron Smith is an LA-based content strategist and consultant in support of STEM firms and medical practices. He covers industry developments and helps companies connect with clients. In his free time, Aaron enjoys swimming, swing dancing, and sci-fi novels.

Related Posts

OT Security Dozen Part 3: Network Security Architecture & Segmentation

This is Part 3 of The OT Security Dozen – a 12-part series on building an OT/ICS cybersecurity program fo...
Muhammad Yousuf Faisal Oct 4, 2022 5:30:00 AM

Cyber-Related Process Hazard Analysis

This blog has been repurposed from the January-February 2020 edition of InTech. The introduction of proce...
Contributing Authors Sep 27, 2022 5:30:00 AM

Industrial Cybersecurity Mistakes to Avoid in the New Normal

There is no doubt that the ongoing pandemic has forced us to rethink our cybersecurity programs and plann...
Mohammed Adel Saad Sep 20, 2022 5:30:00 AM