Big or small, all businesses are vulnerable to cyber attacks. Beyond installing anti-virus software and firewalls, here are some simple solutions to upgrade your cybersecurity game for your business.
Did you know?
- 81% of data breaches are due to poor password management
- 60% of businesses fail within 6 months after a data breach
- 54% of data breaches are caused by negligent employees or contractors
- 44% of small businesses experienced a cyber attack in 2016
1. Use a password management program to create and store strong passwords.
Did you know that weak and stolen passwords are the greatest threat to your business’s security? Managing a plethora of passwords can be a pain, and it’s convenient to use (and share) the same one for various accounts. Unfortunately, this practice puts our data at great risk — 81% of data breaches are due to poor password management.
A password management program, such as Keeper or KeePass, allows you to easily create and retrieve strong passwords — no sticky notes or spreadsheets required! You just need to remember one password in order to access all of your accounts, which are securely stored in an encrypted database.
Password Best Practices
- Do not reuse passwords
- Use strong passwords of at least 12 characters that mix letters (capital and lowercase), numerals, and symbols
- Do not share passwords via email. If you must email a password, use onetimesecret.com to create a one-time link for accessing sensitive information.
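The list above can be turned into a small audit that checks every entry in a vault against the page's rules (minimum length, four character classes, no reuse). This is an added example, not code from the page or from any password manager; the vault contents are constructed and the reuse check compares short hashes so the report never contains a plaintext password.

```python
import hashlib
import string

MIN_LENGTH = 12  # the minimum the page recommends

def policy_violations(password):
    """Rules from the page's list that this password breaks (empty list means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    required = {
        "capital letters": any(c.isupper() for c in password),
        "lowercase letters": any(c.islower() for c in password),
        "numerals": any(c.isdigit() for c in password),
        "symbols": any(c in string.punctuation for c in password),
    }
    problems.extend(f"no {name}" for name, present in required.items() if not present)
    return problems

def fingerprint(password):
    """Short hash used to spot reuse without writing plaintext secrets into a report."""
    return hashlib.sha256(password.encode()).hexdigest()[:16]

def audit_vault(vault):
    """vault: {account: password}. Returns {account: findings} for accounts with a finding."""
    report, first_seen = {}, {}
    for account, password in vault.items():
        findings = policy_violations(password)
        fp = fingerprint(password)
        if fp in first_seen:
            findings.append(f"reused: same password as '{first_seen[fp]}'")
        else:
            first_seen[fp] = account
        if findings:
            report[account] = findings
    return report

# Constructed sample vault (made-up credentials for the demonstration only).
SAMPLE_VAULT = {
    "email": "Summer2016!",
    "bank": "Summer2016!",
    "crm": "adminpassword123",
    "payroll": "T9#mQv2&pLx7wZ",
}

if __name__ == "__main__":
    for account, findings in audit_vault(SAMPLE_VAULT).items():
        print(account, "->", "; ".join(findings))
```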
2. Be wary of files and links sent via email (and train your employees to be aware of potential threats).
Phishing scams are becoming more sophisticated. For example, hackers may mimic (or “spoof”) an email address so the message appears to come from higher-ups and colleagues. Always be cautious, and if the message sounds suspicious, e.g., your boss is asking you to wire transfer a large sum, contact the “sender” directly by phone to verify that the email request is legit, especially if you weren’t expecting it. Scan attachments with anti-virus software before opening. Report suspicious messages to your IT team and email provider. You can also ask your IT team to configure your email system to prevent spoofing of internal company email addresses.
Avoid clicking on sign-in redirect links in emails. Instead, use your internet browser to access the website directly via a bookmark or by typing in the URL to avoid being redirected to phishing links. This practice also provides reassurance that you’re on the correct site.
Also, be aware of phone phishing scams as hackers can also spoof phone numbers. If you suspect the call might be a scam, hang up and call the company directly.
Finally, never provide your login information or personal details to someone who contacts you.
Telltale Signs of Phishing Emails
- It asks you to provide or verify login or other personal information
- It is not professionally written (poor grammar, spelling, and sentence structure are major red flags)
- It contains an unexpected attachment
- The web and email addresses do not look real or correct (hackers may substitute characters in legit addresses to try to fool you, such as using the numeral “0” in place of an alpha “O”)
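The telltale signs above can be checked mechanically before a message reaches a person. The following added example (not code from the page or from any mail product) scores a message on three of them: a sender domain that imitates a trusted one through character substitutions such as “0” for “O”, a request for credentials or a wire transfer, and an unexpected risky attachment. The trusted domain names, the confusable-character table and the sample message are all constructed for the demonstration.

```python
from email.utils import parseaddr

# Constructed: the organisation's own domain and a brand its staff deal with (assumed names).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}
# Look-alike substitutions seen in forged addresses; "0" for "O" is the page's own example.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
# Wording that asks the reader for credentials or money (the page's first telltale sign).
RISKY_PHRASES = ("verify your account", "confirm your password", "login information", "wire transfer")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".docm", ".zip")

def domain_of(address):
    # Lower-cased domain part of a From/Reply-To header value, or '' if there is none.
    return parseaddr(address)[1].rpartition("@")[2].lower()

def normalize(domain):
    # Undo the confusable substitutions so look-alikes collapse onto the real spelling.
    for fake, real in CONFUSABLES.items():
        domain = domain.replace(fake, real)
    return domain

def imitated_domain(domain):
    """Trusted domain this sender imitates, or None if it is genuinely ours or unrelated."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None
    return next((t for t in TRUSTED_DOMAINS if normalize(domain) == normalize(t)), None)

def phishing_indicators(msg):
    """msg: dict with 'from', 'reply_to', 'subject', 'body', 'attachments'. Returns findings."""
    findings = []
    sender = domain_of(msg.get("from", ""))
    target = imitated_domain(sender)
    if target:
        findings.append(f"sender domain {sender} imitates {target}")
    reply_to = domain_of(msg["reply_to"]) if msg.get("reply_to") else sender
    if reply_to != sender:
        findings.append(f"reply-to domain {reply_to} differs from sender domain {sender}")
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
    findings.extend(f"asks for a sensitive action: '{p}'" for p in RISKY_PHRASES if p in text)
    findings.extend(f"risky attachment type: {a}" for a in msg.get("attachments", [])
                    if a.lower().endswith(RISKY_EXTENSIONS))
    return findings

# Constructed sample: a forged "boss" wire-transfer request from a look-alike domain.
SAMPLE = {
    "from": "Pat Lee <pat.lee@examp1e.com>",
    "reply_to": "pat.lee@mail-relay.invalid",
    "subject": "Urgent wire transfer",
    "body": "Please handle this before noon, I am in a meeting and cannot talk.",
    "attachments": ["invoice.docm"],
}
if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

A message with no findings is not proof of legitimacy; the checks only surface the signs listed above so that a reader knows to phone the sender before acting.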
3. Invest in security awareness training courses and tools for your employees.
Cybersecurity is everyone’s responsibility. One of our favorite resources is KnowBe4, which offers a range of free tools to test and educate your employees by making sure they understand the mechanisms of spam, phishing, spear phishing, malware and social engineering, and are able to apply this knowledge in their day-to-day job.
4. Do not conduct sensitive tasks on public WiFi.
Do not check your bank account, make online purchases, or pay bills on public WiFi. Cyber threats lurk everywhere, including seemingly innocuous places like your local coffee shop. Using a public WiFi network, even those that are password-protected, opens your device to vulnerabilities — any data that you send over public WiFi is not secure. Hackers can intercept information and create their own WiFi networks that use the same or similar name to trick visitors.
5. Verify a site is secure before submitting personal data.
When submitting personal information or purchasing from a website, always check for the “HTTPS” at the beginning of the URL to ensure that the connection and data transfer are secure and encrypted in transit.
Important Note: The “closed padlock” icon next to a site’s URL doesn’t necessarily indicate that the site is safe. Cybercriminals also use encrypted sites to capture personal data. Check out this post by KnowBe4 to learn more about fraudulent sites and encryption.
6. Log out of programs when you’re not using them.
Staying perpetually logged into programs leaves them vulnerable to attack. You wouldn’t leave your keys in the ignition of your car when out to dinner, would you? Staying signed into websites and programs when you are not using them is nearly the same. If someone gains access to your computer with your accounts still signed in, they can act on your behalf.
7. Make sure your software and anti-virus programs are up-to-date.
Outdated operating systems and software are vulnerable to malware attacks. Software updates patch security vulnerabilities that have been discovered in previous versions. Enable auto-updates and perform regular virus scans to ensure your computers are up to date and protected.
8. Install ad-blocking extensions or plugins on your company computers’ internet browsers.
Free ad-blocking tools, such as Adblock Plus, can easily be added as an extension to web browsers to help weed out malicious ads and malware.
9. Make sure your important documents and files are backed up.
Protect your data by backing up files to an external drive or cloud storage as close to real time as possible in case of infection or ransomware attack. You want to be sure you can roll back earlier versions of files that may have become infected or encrypted due to a ransomware attack or accidental deletion.
10. Develop a cyber attack recovery plan.
OK, so this one isn’t simple, but it’s important to help ensure your business recovers in the event of a cyber attack; 60% of businesses fail within 6 months after a data breach.
Fortunately, there are tools to make this project a bit easier:
- The FCC Small Biz Cyber Planner 2.0 can help you create a customized cybersecurity plan for your business
- The FTC Data Breach Response Guide provides directives on what to do if your business has been hacked
- The Department of Homeland Security has great tips and guidelines for creating an information technology disaster recovery plan
11. Read more about ways to protect your business from cyber attacks.
Here are some great sites for business cybersecurity resources and training:
- Department of Homeland Security Stop.Think.Connect Small Business Resources
- Small Business Development Center Cybersecurity Resources and Contacts
- Small Business Administration Cybersecurity for Small Business Training Exercise
- National Cybersecurity Awareness Month Business Resources
- National Cyber Security Alliance CyberSecure My Business
- National Institute of Standards and Technology Cybersecurity Framework
- Federal Trade Commission Cybersecurity for Small Business
- US Computer Emergency Readiness Team (US-CERT) Resources for Small and Midsize Businesses