The cyberattacks you see in headlines aren’t the only threats your company needs to worry about. 60% of small businesses that experience an online attack go out of business within six months. Your business may be large or small, but you should know that cybercriminals don’t have a specific type of business to target – especially when there’s money that they can make.
We’ve put together 9 steps that your business can take to mitigate the risk of cyberattacks on your organization.
1. Back it Up
It’s smart to set up automatic backups for everything that is on your computer. This will help you get documents back if they are accidentally deleted, as well as to protect you from ransomware.
In a ransomware attack, the hacker encrypts the data on your computer and demands payment to decrypt your documents. By backing up your data on a regular basis, you can worry less about paying a ransom to unlock data in the future. You’ll be able to restore your computer easily from your most recent backup.
2. Use a Safe Web Browser
Chrome is free, automatically updates, and has a good track record concerning security. To make your browser even safer, you can install the extension called Privacy Badger, then enable click-to-play within Chrome to help protect against malvertising attacks.
Malvertising is when attackers advertise on legitimate ad networks and spend time posting healthy ads until a good reputation is built. Once a reputation is established, the attackers insert malicious code into the ad’s JavaScript. The malware then spreads to a user’s computer.
3. Use a Password Manager
The majority of password managers generate and save strong, random passwords for each account you use on the internet. This is good for online security while also eliminating the stress of relying on memory. You only need to remember the master password for the vault that holds all of your saved passwords. Some examples of password managers that have basic free versions are LastPass and Dashlane.
4. Use Two-Factor Authentication for Everything
This is something you should enable on any website or system that supports it. It is sometimes called multiple-factor verification, and it is a way to confirm that whoever is signing in to your accounts is actually you. The common verification factors (two of the three are required) are something you have, something you are, and something you know. You might have done this process in the past: entering a password, receiving a text, entering a code, or using your fingerprint to unlock the account you’re trying to access.
5. Get Notified When There’s a Breach
Yes, there is a way you can find out when there have been any breaches! If you register your email address at https://haveibeenpwned.com/ you’ll be notified if there are any security breaches tied to your email address. This will keep you up to date and aware of any compromised website that has lost your information. It’s important to know when your stolen account details have been made public. By being notified, you’re able to respond by changing your password on the compromised site, or even by shutting down the account.
6. Enable Disk Encryption
You should also enable built-in disk encryption on your computer. By doing so, you’re able to protect the data that’s on your computer, whether it is turned on or off. Encryption is great because it protects against cyber and physical data attacks. If an attacker steals your encrypted computer, they won’t be able to access the data, meaning you’ll only lose the hardware. If you have Windows, BitLocker is a good tool, and on macOS, FileVault is a good option.
7. Trust, but Verify
Social engineering, or pretending to be someone else, is a popular way for hackers to get access to company and/or personal information. For example, a hacker might pretend to be an employee at your workplace to get you to click links in an email.
Blindly complying with these types of requests could enable malicious software to spread through a computer or network, ultimately allowing the hacker to take control of a system. Always ask questions before doing something that a person you don’t know asks you to do, and know it’s okay to say no to a request.
8. Use the Latest Updates
Always make sure to update to and use the latest versions of software. When you update to the latest version of Windows or macOS, you add new security protections and make it easier to automatically update your applications.
Hackers take advantage of out-of-date software and use the flaws as gateways into your computer or network. For users on Windows 10, keeping software updated is as easy as leaving Automatic Updates on its default setting and enabling automatic updates within the software you use regularly. On macOS, it’s recommended that you install software from the App Store and configure the App Store and macOS to automatically check for and install updates.
9. Use Work Computers Only for Work
To reduce your risk of cyberattacks, separate your work and personal life. When using a work computer solely for work purposes, you’ll visit fewer websites, install fewer applications, and generally reduce your overall attack surface. Some companies choose to tightly monitor what employees do on their work time and try to reduce what their employees can access on their work computer for non-work purposes.
Hopefully this post helps you to plan ways to improve your security. By following as many of these security tips as you can, you’ll be able to keep your data and company safe from cyberattacks this year. If you have any other tips you can think of, feel free to comment in the section below.
Resource:
Kroll, T. (2017). Nine Easy Ways to Improve Your Company’s Cybersecurity. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2017/02/13/nine-easy-ways-to-improve-your-companys-cybersecurity/#2c92fb4d71b7