This article was originally a guest post by Georg Dauterman, CISSP, President of Valiant Technology, and has since been updated with additional information from Jay Levitt, Pursuit’s Chief Information Security Officer.
As you manage the day-to-day operations to keep your business growing, you’ve likely thought through how to protect your finances, your inventory, and your employees. But what are you doing on the technology front to protect your systems?
Cybersecurity attacks affect more than the multi-million-dollar companies you’ve heard about in the news. Even the smallest businesses can fall victim to malware, ransomware, and more. Here’s what you can do today to protect your business from cybersecurity threats.
What are cyberattacks?
A cyberattack is when a hacker attempts to access your business’s computer systems to steal, alter, disable, or destroy data, applications, or other important parts of your business. While there are many different types of cybersecurity threats, the most common ones are:
Phishing: This is when a hacker sends an email from what looks like a reputable source to you or one of your employees. These attacks try to get the receiver to click on a link and enter their credentials on a page that looks like it’s from the source. The goal is to steal sensitive data like login credentials or financial information.
Phishing can also be used to distribute malware or ransomware on your business’s machines (usually through an attached file) which can lead to your customers’ data being stolen or allow hackers to hold your entire network hostage unless you pay a large sum of money.
Business Email Compromise (BEC): BEC attacks happen when a hacker impersonates someone at your business or one of your vendors. They often use this tactic to trick your employees into transferring money or sensitive information to the hacker.
Social engineering: In this style of attack, hackers will use information from social media and other publicly available information to manipulate you or your employees into sharing sensitive information or credentials. This attack is the most difficult to detect, but regular cybersecurity training can give your employees the right strategies to address potential social engineering attempts.
Any of these attacks can have devastating impacts on your business if the hackers are successful. They can interrupt your operations and revenue generation, harm your reputation, or even prompt legal action.
If your small business doesn’t have in-house resources to protect you from attacks, don’t panic! Here are six simple and powerful steps you can take to protect your business, your customers, and yourself!
1. Use strong and unique passwords in a password manager
Passwords are the first line of defense for most business systems. The overall security of any system is only as good as the weakest password in use. Always create strong passwords with the following guidelines:
- Use at least 14 characters
- Use a combination of letters, numbers, and special characters
- Always create unique passwords for each application instead of reusing them
- Use a password manager
Strong passwords can be tough to remember. When you store them in a password manager such as Bitwarden, LastPass, or Keeper, you’ll have a great and secure way to keep track of them. With a password manager in place, you’ll just need to remember a single main password and the manager will handle the rest.
2. Use multi-factor authentication for added security
While strong passwords are important for maintaining security within your business, adding another layer of security is even better. Multi-factor authentication (MFA) improves security by requiring more than just a password when logging into a system. Temporary codes from an authenticator app or text message provide a second verification factor, and more importantly, a piece of information that’s coming from a device in your possession that can’t be replicated by an attacker.
3. Implement mandatory cybersecurity training for your employees
Cybersecurity experts estimate that 70-90% of successful attacks are from phishing or other social engineering techniques. Training your employees on how to recognize phishing attempts can prevent a bad actor from accessing your system. Your employees must be trained on what to look for in suspicious links and requests, and to be extra cautious before entering any of their security credentials when prompted.
4. Use an anti-phishing email filtering system
Many cloud-based email services include anti-spam/phishing protection, but they’re not as comprehensive as products designed to protect your email from threats. Look at options like Microsoft Defender, SpamTitan, and FortiMail, which are all highly rated email security tools that can give your business’s email systems the extra protection they need.
A modern mail filtering system will warn you of potential or even confirmed danger in a suspicious email, preventing you from even navigating to the threat in the first place.
5. Keep your computers and mobile devices updated
Attackers are very aware of when software patches are released. They use documentation associated with patches to create exploits that can be used against unpatched devices.
Be sure to keep your computer’s operating system and applications updated. The same goes for mobile phones, tablets, and other devices. Updated software plays a critical role in protecting you and your business from known software vulnerabilities. Start with a Windows update or macOS software update, then enable automatic updates for your applications wherever possible.
6. Back up your information in the cloud
Think of backups as the ultimate “undo” button. If you’ve accidentally deleted a file, or find that your business email is compromised, a backup can restore your business to a point in time before the attack took place.
A cloud-to-cloud backup, used to protect Microsoft 365 and Google Suite environments, allows you to restore from a backup to undo the immediate effects of business email compromise, or even just an accidentally deleted file.
There are additional steps you’ll need to follow in the event of a successful attack, but you’ll have access to your data and other information required to maintain operations and investigate the security event.
Stay safe online and improve your defenses!
Protecting your business from cyberattacks is just as important as protecting your business’s physical space from theft and damage. By following these simple but effective steps, you can improve your defenses against common cyberattacks and quickly restore your data and operations in the event of an attack.
Whether you need to strengthen your cybersecurity defenses with new technology and equipment or take on a new opportunity, Pursuit is here to help! When you work with us, you’ll find educational resources and business loans that can keep your business moving forward. Reach out to us today to learn how we can work together.