Hacking and phishing are hot-button issues for companies. There is never enough protection against bad actors out to do damage or make a buck.
But there are ways to make your company harder to hit, as well as more secure if someone does manage to get through. To find out how, I asked nine members from the Young Entrepreneur Council:
What are some practical ways companies can protect themselves and their data from hackers and phishing attacks?
Their best answers are below:
1. Make sure you’re using secure web hosting
For many businesses, web hosting is the weak link that makes it easy for hackers to compromise their sites. Use a web host that has secure data centers and provides backups. For enhanced security, don’t rely on shared hosting. Instead, use cloud hosting, VPS or a dedicated host. You should have your own dedicated IP address. Beyond this, use an SSL certificate on your website and have secure passwords. – Shawn Porat, Scorely
2. Only keep what you need
The best way to avoid leaked data is to capture and retain as little of it as possible. And when you do, don’t keep it in plain text. Take a common-sense approach to discern what is truly necessary data and to make sure that it’s as protected as possible. – Andrew Thomas, SkyBell Doorbell
3. Train your employees and use two-factor authentication
Teach your employees what phishing attacks look like and how to avoid them. Make sure all employees use two-factor authentication. Those two steps alone should cover the majority of attacks. If you want to up the defenses, hire a security team to test your servers, systems and people. – Andrew Saladino, Kitchen Cabinet Kings
4. Maintain your SSL certificates
Stay up to date with standard website security by maintaining an SSL certificate for your company’s website. An SSL establishes an encrypted link between your web server and browser, ensuring that all data remains protected and private. Renew it annually to be sure your site is covered. – Andrew Kucheriavy, Intechnic
5. Contract with a data security expert
A data security expert knows cutting-edge technologies, tools and encryption methods that will protect your data both during transmission and when it’s stored. Since breaches are fairly commonplace, it’s not so much as “if” a breach will happen, as “when” it will. Look for a CISSP, also known as a certified information systems security professional. They’re the experts in the field and will help keep you safe. – Nicole Munoz, Start Ranking Now
6. Implement IT security best practices
Implement IT security best practices and don’t be afraid to hire a security consulting firm to test your security measures. Use complex, 10-plus character passwords on everything, which must be changed every three months. Beware of poorly secured networks and rampant USB flash drive usage. It’ll be much less costly to prepare and protect than to have to deal with a major breach later on. – Duran Inci, Optimum7
7. Back up to external hard drives
Back up information that does not need to be in the cloud. Put it on a good old-fashioned external hard drive that isn’t connected to the internet. Scrap any data you have on your intranet that is no longer relevant. This will minimize risks, as hackers and phishers will have a harder time gaining access to all your records. – Ismael Wrixen, FE International
8. Regularly get your security assessed
Regularly get a consultant in the IT world to assess your hardware and software as well as overall process for security to see if you are on the right track or if there are places that need improvement. Once a year can help to cover anything new that may be occurring with security issues or new solutions that have emerged that you didn’t realize were now available. – Angela Ruth, Due
9. Keep your system patched, then scan for intrusions
Host in an environment that allows installation of agents for firewalling and intrusion detection. Keep your content management system version and patches up to date. Use third-party security tools, scanners and plugins on your site. Use SSL on your website. Educate your audience on how to identify potential phishing attempts, and remind them you’ll never send an email asking for credentials. – Joe Beccalori, Interact Marketing
This post is part of our contributor series. It is written and published independently of TNW.