October is “National Cybersecurity Month”. What better time than the present for small business owners to take a look at current procedures and policies to ensure their business is more secure online? The cost of recovering from a data breach can be devastating. Nearly 60% of companies shut down within six months of a cyber attack. It is vital for businesses to make sure that each employee understands the importance of being vigilant in protecting the information of the company, customers, and vendors. Here’s some useful information to make sure your business is on track.
Get Employees Involved
Every employee needs to realize that business information is just as critical as personal information. From new hires to top level management, everyone should be trained on the tactics cybercriminals may use to expose your business to an attack. The scammers are often very crafty and use deceptive tricks to gain trust and access to sensitive information. Discuss various scenarios that may occur, and frequently update training and procedures to adapt to scammers’ evolving tactics.
Cybercriminals target employees at any level to gain access to data. HR and Accounting departments often receive hacked emails from cyber crooks impersonating company CEOs to gain access to information. Phishing emails are also used to get employees to reveal their login or other business information, which the scammers then use to commit fraud.
Email security is a must. Train employees to look for some of these signs:
Obvious grammar and spelling mistakes.
Email sender’s address is suspicious. For example, the correct email address is JoeNobody@yourbusiness.com but the email received is from JoeNobody@youbusiness.com.
The sender is asking for sensitive information such as password and login information for company accounts or access.
Unsolicited emails with links.
Your staff should be diligent in looking for anything suspicious and report it immediately. Before responding to any email asking for sensitive data, verify with your superior whether the request is authentic. Businesses should set up antivirus and anti-malware software so that emails are filtered for potential threats, and should use two-tier authentication for emails.
Some other best practices to incorporate are:
Discourage employees from using their company email address for private communications that don’t relate to the job.
Business owners should not use their professional account for private business.
Do not access company emails on public Wi-Fi.
Avoid clicking “unsubscribe” links in spam emails.
Always use email encryption when emailing any sensitive data.
Other Security Tips
Businesses that use cloud-based sharing sites (e.g., Dropbox, Google Drive, Apple iCloud) should monitor what is shared and never send customer information or critical business data over these sites. If employees are allowed to use mobile devices to conduct business, enforce that they use strong passwords/passcodes and install security software on the device. Remote access to your business network should be restricted to those that need it. Protect all Wi-Fi routers and network-connected devices and use a separate Wi-Fi network for guests. It’s also important to keep all software and firmware updated. For disaster recovery, it is a good idea to keep an off-site backup of important data and files.
Recovering from a Cyber Attack
The truth is that no matter how many precautions a business may take, sometimes cyber attacks are inevitable. In 2018, 571 data breaches were recorded. If your business is hit, your response is just as important as your preparation. Take action immediately to recover from the incident and get your business back on track. It may be something as simple as changing your password, shutting down your router, turning off your computer or device, or disconnecting your Internet. You may need the assistance of an IT expert. If you have to restore data, your off-site backup storage will come in handy. Now is the time to use your disaster recovery plan. Depending on the type of breach, your business may need to inform your customers, clients, or vendors if their information was affected. Evaluate what modifications need to be made so this does not occur again.
Preparation is Worth It
Both big corporations and small businesses alike contend with the fraudulent tactics of cyber predators. Investing the time, money, and resources into keeping your business safe from cybercriminals can prove to be priceless.