In today’s changing work environments, cyberthreats are becoming more and more prevalent and are constantly evolving. Cybercrime is one of the fastest-growing types of crime in the world. In fact, according to Harvard Business Review, “If it were measured as a country, cybercrime would be the world’s third-largest economy after the U.S. and China.” It affects all industries and no business, big or small, is invulnerable, so it is essential to keep your company secure from cyberattacks. Here are 10 cybersecurity tips to protect your business.
1) Think before you click
Cybercriminals will often use email to try to gain access to your computer and steal your data. Their goal is for you to click on a link, open an attachment, or download something; if you do, malware will automatically install – often without you even knowing it – and compromise your computer. Links can be disguised to appear as if they are legit when they aren’t and it’s easy to click on a link in an email without even thinking about it. Check links before you click on them by hovering over the link to see the target URL.
If an email from an unexpected source contains an attachment and/or if the attachment seems suspicious, don’t open it. A “best practice” is to NEVER open an attachment in an email unless you are expecting to receive it.
2) Stay updated
Software updates can be issued when any security flaws are identified. Sure, update notifications can be annoying, but updating and rebooting your computer is a small inconvenience compared to the risk of a malware infection or of leaving other security vulnerabilities unpatched. To protect yourself, always update to the latest version of your software.
3) Watch out for phishing scams
Over 3 billion fake emails are sent daily. Phishing attacks are one of the biggest cybersecurity threats because they are easy to create, inexpensive to send, and have the potential to reach many victims. Phishing is a cybercrime in which a hacker poses as someone the recipient knows or is familiar with, or as a legitimate business or institution, to trick them into clicking on a link. The link will take the user to a malicious webpage that looks just like the authentic site. The malicious site then requests sensitive personal data or can install software that infects the system with malware. This can result in financial loss, identity theft, and loss of data, just to mention a few.
Avoid emails from unfamiliar senders, look out for grammatical errors, and be aware of inconsistencies or anything that looks suspicious in the email. Look at the actual email address: the email may appear to come from someone you know, but if the actual address is different, it’s likely a phishing scam. Hover over any links to check the destination URL.
Overall, if an email seems suspicious, don’t open it, as it may be a phishing scam.
4) Be smart about passwords
Use strong, unique passwords for every account and change passwords periodically. Cybercriminals know that people tend to use the same passwords for multiple online accounts. The dark web provides hackers with billions of username/password combinations available for sale – or even for free. They’ll use these stolen credentials to see if they can get into your accounts. So be sure to use unique passwords for all your accounts.
Put a policy in place to change passwords regularly – at least every 3 months.
It’s also important to use strong passwords. Avoid family or pet names, the city you live (or have lived) in, a favorite sports team, and your birth year or any other year that has special meaning. Cybercriminals can easily find this kind of information through social media and online. You may want to use a passphrase, which is a short sentence that only you would know and that incorporates special characters and numbers in place of some of the letters. The longer and more complex, the better. For example, “I drive to work on 1st Avenue every Monday” is a great passphrase that is long, complex, and easy to remember.
5) Use multiple layers of protection
Having a strong password is important but you should also have two-factor or multi-factor authentication. This is the practice of requiring additional credential information so if an attacker has accurately guessed your password, there’s an additional security measure in place to ensure your account is not breached.
Any device connected to the internet is at risk of being infected with viruses, malware, and spyware. Protect your network and endpoints by deploying firewall, VPN, and antivirus technologies.
6) Secure your connection
This tip is an easy one to ignore. You may think connecting your device to an unsecured connection is harmless, but it’s not worth the potential consequences. When you are connected to a public network, the network is shared with everyone else who is also connected, so any information you send or receive can easily be compromised. Try to only connect to private networks, especially when handling sensitive information. For even more security, use a virtual private network (VPN). This will encrypt your connection and allow you to protect your information, even from your internet service provider.
7) Avoid the “it won’t happen to me” mentality
No one is immune. If you think “it won’t happen to me” or “I don’t go to any unsafe websites”, you couldn’t be any more wrong.
Most small to medium-sized businesses (SMBs) are unaware that 64% of today’s cyberattacks happen to organizations just like theirs. They’ve unknowingly fallen victim to constantly evolving cyberthreats, especially with the current changing workforce environment.
Think about this: there’s a lot of information to be found in customer data, such as social security numbers, payment information, credit card information, driver’s license numbers and pictures, and other data that can be easily offered for sale on the dark web. To a cybercriminal, this information is like gold, so SMBs aren’t only their targets – they are their favorite targets.
On average, a single cyberattack can cost a small business more than $200,000, according to the Hiscox Cyber Readiness Report.
Unless your business is completely offline, there’s no such thing as being “secure enough.” Even with the huge amounts of money large corporations put into security, they’re still affected by cyberattacks. Try to invest in upgrading your security – the cost for this is much less than the enormous costs and consequences of a security breach.
8) Back up data
A security breach can cause you to lose important data. So that you can restore lost data, make sure it is backed up frequently to the cloud or a local storage device.
Some hackers don’t necessarily want to steal your data but rather are aiming to encrypt or erase it. With these ransomware attacks, which are on the rise, cybercriminals use malware that keeps companies from accessing their system unless they pay a hefty ransom. According to a study by IBM, ransomware attacks have increased by 6,000% since 2016. And they are increasing even more with the pandemic, as hospitals and health care systems are being targeted.
So, back up your data often. If you fall victim to a cyberattack, the only sure way to repair your system is to erase it and re-install it from the latest backup.
9) Security awareness training for employees
Employees are the most vulnerable component when it comes to cyberattacks, and cybercriminals like to take advantage of human error and vulnerabilities. With just one click of a mouse, an employee can cause your entire security system to crumble. On the other hand, your employees can also be your first line of defense against cyberattacks if you implement security training on a regular basis. The key to making cybersecurity work for your organization is to ensure all employees are well trained, understand the importance of cybersecurity, are following security policies and procedures, and are consistently exercising best security practices.
10) Conduct regular risk assessments
This might sound like something only large corporations need to worry about. However, small and medium-sized businesses also need to incorporate risk assessments in their cybersecurity protocols. Most business owners are too busy running their business to really think about all that goes into cybersecurity. They often believe that if they are already paying for internet services, cloud storage, business software, anti-virus protection, etc., the necessary security measures are already built in. But even with regular software updates, password reset reminders, and malware protection, businesses still need to be aggressive in protecting their physical and digital assets.
It’s best to have a reliable, outside security analysis team conduct an audit of your security protocols to ensure the necessary cybersecurity measures are in place. They can help you understand the most critical threats (such as system failures, natural disasters, and potential cybercriminal actions), uncover any vulnerabilities, determine the impact that these things could have on your business, and identify what measures can be taken to make your company as secure as possible. Regular assessments will help reveal whether your current security measures meet the level of security your business requires.
In a world of ever-increasing and evolving cyberattacks, making sure your business is truly secure and protected also becomes more and more important. With the right technology, cyber threats can be thwarted before they ever get anywhere near your system, devices, and data.
Concerned about your company’s cybersecurity? Not sure where to start? The security experts at Merit Technologies can give you quality advice and ensure your business is protected in every possible way. Contact us today!