CYBERSECURITY TIPS
The old adage, "you're only as strong as your weakest link," holds true when it comes to cybersecurity.
When you own a business, cybersecurity can seem like an irrelevant issue, especially when your business is fairly small or just starting out. The truth is, cyber attacks do not discriminate, but small businesses may be at a greater risk due to their size and the aforementioned notion that cybersecurity is a 'big company problem.'
No matter what size your business is, it is important to adopt best practices and invest in software that will keep your business and your employees safe.
Types of cyber threats
Although cybercriminals are creating new ways of launching cyber attacks, some of their more common methods for breaching small companies have been around for a while.
Phishing
Business email compromise (BEC) scams, also known as phishing emails, continue to cause major losses in small businesses; more than US$5 billion has been stolen domestically and internationally in the past three years. Approximately 7,700 organizations are hit by a BEC scam every month.
Phishing occurs when a cybercriminal tries to trick an email recipient into opening a malicious attachment or clicking a link to a malware-laden website that could download ransomware. This method has remained popular over the years, which perhaps indicates that the person behind the computer keyboard can be the weak link in a company's security. This is why it is incredibly important that you educate your employees on the danger of phishing emails and what to do when a suspicious email pops into their inbox.
Watering holes
Watering holes are legitimate websites that have been hijacked by an attacker and turned into malicious websites, typically without the knowledge of the sites' owners. These types of sites attempt to install malware onto a device. This usually requires some action by the user, such as clicking on a link, downloading a file, or giving away information.
Drive-by downloads
In the case of a drive-by download, a malicious website will attempt to install software on your computer without asking for permission first. This could happen if proper security systems are not in place or if the operating system is outdated.
Why do cybercriminals target small businesses?
The most likely reason for a cyberattack is intelligence gathering. A data breach is one possible result of a successful attack. Data breaches can involve a variety of information, from documents and intellectual property to credit card and financial information. Sometimes, cybercriminals even mine information about your staff and customers. According to a 2017 Ponemon study, the global average total cost of a data breach is US$3.62 million.
Cybersecurity best practices for small businesses
Cybersecurity for your small business begins with digital security best practices, education, and training. Educate all of your employees with the same best practices. When new employees join your team, or when best practices are updated, provide refresher training sessions.
As you develop best practices to protect your small business from cyber threats, do some research. The National Cybersecurity and Communications Integration Center's (NCCIC) website can help you create a solid cybersecurity plan for your business. You may want to establish guidelines around the following three security topics as you teach your employees how to make digital safety a daily habit:
Software updates
Hackers can enter your computer network through outdated apps with known vulnerabilities. Make sure that your employees know to install software updates and patches for applications and operating systems as soon as they're available.
Passwords
Teach your employees that the best password is a secure password. A good solution for remembering and using strong passwords is a reputable password management application, like LastPass. This stores passwords in one place, allowing people to generate strong, complex and random passwords that they don't need to memorize. They only need to remember one password to unlock the app itself.
Alternatively, ask your employees to create strong passwords that are at least 10 characters long and include numbers, symbols, and upper and lowercase letters. Advise employees to never write down their passwords or keep a list of them on their laptops or at their workstations.
Virtual Private Networks
Virtual Private Networks, or VPNs, can go a long way toward securing your company's information. VPNs encrypt all traffic leaving and entering your devices. If someone somehow manages to intercept your information, all they will get is encrypted data.
Encourage uptake at the office
Unfortunately, none of this education and training will help secure your business unless you create a culture of cybersecurity awareness around the office. So how do you encourage your employees to protect your company's information?
Compliance programs: make changing passwords a regular task, like getting an oil change in your car. Ensure that everyone is doing what they need to do to keep their passwords safe.
Rewards programs: offer rewards for employees who find ways to improve cybersecurity around the office, such as by reporting phishing emails.
Accountability programs: encouraging your employees to tattle on each other for not following best practices will just erode trust among your team; instead, encourage your employees to gently hold one another accountable to ensure compliance with best practices. Consider instituting an anonymous reporting system or encouraging employees to have open conversations about cybersecurity with each other.
Copyright 2022 © BizAcademi Training Inc.