Is Your Business Ready for Cyber War?

With analysts predicting a surge in international hacking threats, here's what small businesses need to do to stay out of the crosshairs.

By Julie Cohn

Opinions expressed by Entrepreneur contributors are their own.

Think your small business is immune from cyber attacks from abroad? Think again.

The New York Times and Wall Street Journal recently acknowledged they had fallen victim to sophisticated cyber attacks by the Chinese government. The incidents supported security analysts' predictions and F.B.I. concerns that state-sponsored espionage and cyber attacks will continue to grow in 2013.

Misguided notions of safety have led many small-business owners to skip security measures entirely, which is precisely what primes them as a target. Two things increase the likelihood that a small business will be the target of an international hacking threat: what your company does, and whom your company works with.

Certain industries are at higher risk for a state-sponsored attack, though everyone should remain vigilant, says Richard Bejtlich, chief security officer at New York City-based Mandiant, the computer security experts hired by the New York Times to find and expel the newspaper's hackers. The most vulnerable industries include those the Chinese compete with directly: telecommunications, aerospace, advanced manufacturing, finance, energy and any companies indirectly connected to those industries.

Also at higher risk are some law firms, non-governmental organizations, think tanks and news media that focus on hot-button Chinese foreign policy issues, such as human rights or the South China Sea.

Often, small businesses with weak security systems are targeted in attacks aimed at larger corporations. Take China's 2009 cyber-espionage coup, when Chinese hackers stole the blueprints for the U.S. joint strike fighter planes, the F-35 and F-22. Lockheed Martin's security system was nearly impenetrable, but by attacking several of the company's smaller-scale contractors instead, the Chinese were able to springboard into Lockheed's systems, nabbing research and intellectual property worth more than a trillion dollars.

"The small business might not be the target, but rather the portal," says Bejtlich, adding, "People usually think 'OK, am I the sort of company that someone else would want to attack?' But a new way to think about it is, 'Do I have relationships with a company that is likely to get attacked?'"

Despite the threat of nation-state sponsored attacks, small businesses are still far more likely to encounter an opportunistic cyber-criminal looking to siphon data or funds. When it comes to such attacks, "anyone who is connected to the internet is at risk," says Max Kelly, former chief security officer at Facebook and the current CEO of Leesburg, Va.-based Praxis Security, which provides computer security services.

Here are five suggestions for protecting your company from costly cyber-attacks:

1. Use encryption.
Encrypting data can help ensure that your company's sensitive information isn't exposed when an employee inevitably loses a company computer or cell phone. Encryption software scrambles the data so that it is unreadable to anyone who doesn't provide the correct password. For Windows, BitLocker is a full-disk encryption feature that comes standard with the operating system, while FileVault is the Mac equivalent.

2. Educate employees about phishing scams.
One of the most common ways hackers attempt to access your network is by fooling you through a "phishing" email, Bejtlich says. These are email messages that hackers tailor to you or your business to entice you to click on a link in order to put malicious code onto your computer. Educating your employees about the threats of opening emails or clicking on suspicious links can help prevent attacks, he says.

Employees should also beware of downloading apps on mobile devices they use for business. Criminals are increasingly hiding malware inside apps -- just as they hide it in phishing links -- to try to get people to download it. Mobile security companies like Appthority can help inform your company about which apps contain which kinds of threats, as well as manage your mobile security policies. Appthority charges $1.50 a month per user.

3. Know your network.
Business owners need to know what's happening inside their network -- what's going in and what's coming out, Kelly says. If you notice strange activity, you might be able to take preventive action before the attacker manages to compromise your data. The only truly effective way to monitor your networks is to hire a full-time security expert who is trained for that purpose, Kelly says.

If that kind of hire isn't in your startup budget, Security Onion is open-source software that can be installed on an extra server to monitor what goes in and out of a company's network. You may not know what the log means, but if you suspect an attack because your normal operations aren't functioning properly, or you notice that funds are disappearing, you can help facilitate an expert's job by providing them with the data. Mandiant also has created a free, open-source tool for threat detection called OpenIOC, though, like Security Onion, it's only effective in preventing intrusions if someone monitors the data.

4. Keep bank accounts secure.
Use multifactor authentication to log into your bank's website -- if your bank supports it. This means your account would require a virtual token or even a phone confirmation in addition to a password, making it one step harder for a criminal to impersonate you.

The FDIC also recommends using a separate computer for online banking. That can limit the chances that email phishing links or other day-to-day web activity put malware that records the keystrokes of your bank password onto the computer you bank from.

5. Protect your devices while traveling.
In high-risk countries like China, Russia or Iran, it isn't uncommon for computers to be physically searched while you are away from your hotel room. Keep your computing devices on you at all times. If you can afford it, Kelly says, designate a separate computer just for traveling. Don't store sensitive information on that computer and wipe it clean when you return home before connecting it to your networks.

Also, avoid bringing your smartphone to risky countries. Telecommunications providers in several high-threat countries often push malicious surveillance software on your phone so they can monitor your calls without your knowing. Instead, consider buying an inexpensive, in-country phone and discarding it when you leave.

Julie Cohn is a freelance journalist who has covered technology, startups, finance and foreign affairs for such publications as the Council on Foreign Relations, The New York Times and The Daily. Cohn splits her time between Palo Alto, Calif., and New York City.
