As you’ve built or supported your business, you’ve no doubt worked hard to foster an environment where your staff feels safe, supported, happy and productive. Even if you have taken precautions, a cyberattack can quickly erase the sense of security you’ve built.
Unfortunately, the statistics regarding cybercrime are worrying. Studies show nearly every business is vulnerable to attack and that most are easy targets. In 2019, 43% of the victims of data breaches were small businesses. Studies further show that:
- Worldwide, over 60% of businesses fell victim to phishing or social engineering attacks.
- In 95% of cases, malware was delivered by email — an easy situation to prevent.
- The average data breach took 206 days to detect.
- Only 5% of company folders are correctly protected.
- About 70% of business leaders felt their cybersecurity risks were increasing — and they’re right.
Fortunately, by instituting the following quick and easy cybersecurity tips, you can begin making security a priority at your business. When cybersecurity becomes second nature, your sensitive data is protected and your employees can return to doing what they do best — helping your business grow.
1. Assume There Is a Vulnerability
Cybercrime might not feel like something that can happen to you. You might think hackers have little reason to target your business. Even if you don’t deal with financial records or proprietary legal, medical or similar information, you could still be a victim of opportunity. Like the statistics above clarify, almost half of all data breaches involved small businesses.
Today’s cyberattacks aren’t always big and flashy like the ones you hear about in the news. But if your company’s critical information is held hostage by ransomware or a Trojan manages to steal your banking information, the effects can be just as devastating.
The first step you can take to thwart hackers is to assume a defensive attitude in the office. Educated and conscientious employees who use easy, common-sense methods to protect sensitive data are your best weapon against those who want to exploit your business.
2. Use Authentication Methods
Two-factor identification requires you or your employees to verify their identity in at least two different ways before gaining access to sensitive information. When a password is the only gate protecting your data, a hacker just needs to learn that password to have free rein over information. Requiring a second method of verification — facial recognition, a fingerprint, a code sent via text or email — is often enough to stop cybercriminals in their tracks.
Two-factor identification may take a bit of time, but it’s well worth the effort to avoid a data breach or other cyberattacks. Best of all, it’s faster and easier than ever to set up two-factor authentication.
3. Don’t Reuse Passwords
Even with two-factor identification in place, strong, unique passwords are essential. One of the easiest ways for hackers to exploit users is to acquire username and password combinations.
Imagine someone in your workplace is involved in one of these incidents. If that person has used the same username and password combination for several different work-related accounts, they have just handed a hacker access to a treasure trove of information the hacker will gladly plunder. A hacker gaining access to a single account is bad enough, but something as simple as using different passwords for different accounts can at least mitigate the damage.
Of course, requiring employees to create and remember a large number of different passwords might be asking a lot. Follow the next tip to cut this task down to size and save employees time.
4. Turn off the “Save Password” Feature and Use a Password Manager
There is a big difference between the “Save Password” feature included with almost every browser and professional, third-party password managers. Most cybersecurity experts advise turning off the browser feature in favor of installing a trustworthy password manager, which has the added advantage of being accessible across all devices.
There are plenty of password managers available that cater to your security needs, the tech-savviness of your staff and other factors. While some security measures require additional time and steps, a good password manager can actually increase productivity. Consider a service like KeePass or speak with IT professionals to learn more about trustworthy password managers.
5. Keep Antivirus Software (and Other Software) up to Date
Antivirus software is a must-have tool for anyone going online, and it’s an effective one. But it’s only going to keep you and your staff safe if you know how to use it and keep it up to date. Cybercriminals are always working to come up with new ways to steal your information, and updates are essential to combat them. Antivirus software also prevents ransomware, Trojan horse programs and bots that can instigate a denial of service attack, disseminate spam from your account or create other threats.
Your antivirus software can also protect you from potentially unwanted applications (PUA), which are apps that might not be malicious but aren’t beneficial either. Your antivirus suite might not have this feature equipped by default. Whether you’ve just acquired a new antivirus package or you aren’t sure you’re making the most of the one you have, familiarize yourself with the features available to you. You could even seek the assistance of your internal or external company IT team.
All software used in the workplace should be kept up to date. It can be a time-consuming process, but many of these updates include enhanced security measures that you won’t want to be without.
6. Look out for Phishing Scams
“Phishing” is a term you probably hear tossed around frequently when cybersecurity tips for businesses are discussed. The scammers behind phishing operations are experts at making emails and links look as though they’re coming from a trusted institution like your bank, a business partner or even the government.
Scammers generally ask you to click a link that will take you to a page that may or may not be an accurate approximation of a reputable institution’s site. There, you will be asked to fill in your personal information.
The best way to protect your business and employees from these scams is through education. Some fake pages are obvious, but others are extremely sophisticated. Some giveawaysof a phishing scam might include:
- The site uses colors, images or fonts that are almost, but not quite, a match to a legitimate institution.
- The site is hosted by a free web hosting service.
- The domain portion of the URL indicates something is off — the part right before the final .com, .net or .org. For example, yourbank.scam.com can indicate, well, you guessed it.
- The site lacks the HTTPS lock icon on your web browser, where a lock indicates a site is secure. Granted, some legitimate sites might not have gotten around to using HTTPS, but better safe than sorry!
Online storage accounts like Dropbox are often targeted by these cybercriminals. Scammers never know what they’ll find, but people tend to be less vigilant about storage accounts than financial ones. Don’t let your guard down.
The bottom line is, if you or your staff have any doubt, don’t click. Even if an email from your company’s bank looks legitimate, if you don’t normally get emails from the bank, give them a call instead.
7. Secure Mobile Devices
Mobile device usage, including internet searches done from phones and tablets, has been steadily increasing. Pair that with today’s increasingly remote workforce, and mobile devices present a possible security risk. Providing simple cybersecurity tips for employees who use mobile devices in their work can go a long way toward protecting sensitive data. Some things to consider when mobile devices contain work-related information include these tips:
- Don’t leave mobile devices unattended or unlocked.
- Use two-factor authentication and password management for work accounts and applications.
- Perform updates as required — they often include new security features.
- Be as aware of potential phishing scams on mobile devices as on PCs or laptops and know that phishing through text is common.
- Don’t store sensitive work-related information on a mobile device. Instead, use a secure storage system or cloud service.
- Beware of installing apps that don’t look trustworthy.
- Take full advantage of the device’s security features, including data encryption.
- Use Apple’s Find My iPhone or Android’s Device Manager to keep tabs on your device.
8. Get a VPN
A virtual private network (VPN) sends your web activity through an encrypted tunnel to a server owned by the VPN company. Without a VPN, your information and activity can be easily followed as you navigate the internet throughout the workday. A VPN essentially takes you along a series of hidden routes that make you almost impossible to track.
In addition to snoopers who are up to no good, it’s also very easy for your internet service provider (ISP) to track your online activities. This might not harm your business, but if you’d rather protect your privacy and prevent the sale of your data, your VPN will be your new best friend.
Like most cybersecurity business tools, not all VPNs are created equal, so it’s essential to do your due diligence before committing to a plan, or better yet, to speak with the company IT team or your IT consultant.
9. Hire a Security Team
Sometimes, it’s simply best to leave cybersecurity to the experts. Since the hackers and those working to combat them are moving too fast for the average person to keep up, you might let someone whose job is keeping up with digital developments handle your security. This is especially true if your business could be targeted by cybercriminals a step above those casting a wide net for loose passwords — like if you’re working in finance, law, security or another industry that deals with valuable information.
The question is, should you build an in-house team or engage a consulting firm? Each choice comes with advantages and considerations.
An internal team will come to know your hardware, network and procedures well. They will be on-hand when there’s a crisis or a question, and they’ll never have a conflict of interest or another client ahead of you. On the other hand, the cost of maintaining even a single full-time employee to handle network security is beyond the reach of some small and midsized businesses.
Many external teams or consultants are experts and can provide a personalized touch. They’ll take a bit of time to learn your office, equipment and processes like an in-house team. For companies that recognize the importance of cybersecurity in business but don’t want to take the time to perform the necessary tests and updates themselves, a consulting firm can be a great match.
10. Keep a Backup of All Your Data
No matter how many precautions you take, an attack could slip by your defenses. For many businesses, it’s difficult and sometimes impossible to recover from a complete loss of data. In contrast, recovery can be fast and easy when data is properly backed up.
Your best bet to ensure no loss of data is to back it up physically and to follow the next tip.
11. Leverage the Cloud
Cloud services make it easy to back up and retrieve data, with many backing up periodically as you or your employees work. Hackers aren’t always interested in stealing your data — sometimes, their goal is to encrypt it and try to charge you to restore it or to wipe it out entirely. Cloud services allow you access to vast amounts of secure storage space at affordable prices. Using cloud storage along with a physical backup gives you an added layer of protection if the worst should happen.
12. Beware of Social Engineering
When cybercriminals cannot find a technological weakness to exploit, they focus their efforts on human emotions. Today’s cybercriminals are masters at manipulating people into giving out information they shouldn’t.
These attacks have much in common with phishing and operate on the assumption that the person on the other side of the screen is taking the hacker at face value. Victims believe the hacker is who they say they are, whether it’s in the form of an email from a friend or a charity or other cause. And hackers hope people will act without doing any research first. Provide security tips for employees through staff training and education to help prevent these sorts of cyberattacks.
Partner With PCS for Your Company IT Team Needs
It’s true that cybercrime can be scary. It’s also true that cybercriminals can be deterred by the right measures. Using these cybersecurity tips for businesses will go a long way toward keeping you and your sensitive data protected. For further protection, partner with PCS for our IT services and solutions.
PCS is a one-stop shop offering helpful and affordable IT services and support. Rely on our expertise to keep your company’s data safe from cybersecurity threats. Contact us today with any questions or to get started.