A typical malware attack against a business costs the affected company about $2.4 million. Put another way, that is about 50 days of work, productivity and revenue taken away from the company.
Yet, companies still don’t take cybersecurity threats seriously. For example, over 65% of companies with more than 500 employees/users never prompt them to change their passwords. If that seems a little outrageous, it would also interest you to know that 41% of companies have thousands of sensitive records (such as user credit card details) that they are not offering any extra protection for.
You don’t want your company to be just another statistic when the hackers hit again. The truth is, there are simple, affordable steps that every business can take to dramatically reduce their risk of being a victim. Here are several ways to ensure you’re as safe as can possibly be:
Install The Latest Anti-Virus Protection on Every Computer
Small businesses usually operate with their computers interconnected on a network. Plus, any given computer typically contains various account logins to web servers or other key computers. This means that an attack on a single computer can turn into an all-out attack on all connected devices. Even if only an unimportant computer was compromised, there is no telling what information could be harvested via such a unit.
With the latest anti-virus and internet security software in place, malware and other attacks can be nipped right in the bud. All files (both offline and online) will be properly scanned to warn of malicious intent. More important, the best antivirus programs actively monitor to intercept and block threats (whether viruses, malicious websites, or other threats) in real-time.
Update Software Regularly
Software developers do not just bring out updates to satisfy their needs to keep tinkering with what they have created. More often than not, they have discovered a new vulnerability that could be used to exploit the software and have, thus, released a patch.
That is why you should proactively seek out new updates and apply them on all the software your business is running on. While you need to ensure that all your software stays up to date, the most important areas to focus on are:
- Ensure your web browsers are set to auto-update.
- Ensure you’ve turned Windows Updates on.
- Regularly check your website software (e.g. WordPress) and install updates.
Train Employees on Phishing Prevention
Phishing (scam emails) is one of the most serious forms of cyber-attacks, costing even mid-sized companies up to $1.6 million. Researchers estimate that 90% of successful cyber attacks involve phishing.
In this case, your best defense is people – you can prevent phishing by ensuring your employees have training on how to identify these scams – and how best to react when they encounter one. Every user needs this training, because a hacker only needs to compromise one computer on your network to launch a crippling attack.
Use Secure Passwords
With all the hammering on password security, it’s amazing that people still set their passwords to their birthdays, pet’s names, name of their kids and such simple things. You might be surprised to know that a stunning number of people still use 123456. Any hacker can crack that password in less than a second!
To combat this, make sure your business systems are configured to reject weak passwords, forcing your employees to set strong passwords for their accounts. Speaking of strong passwords, you want to make sure:
- It’s a combination of numbers, letters and special characters
- The letters are a combination of lower and upper case
- The password is at least 8 – 10 characters long (longer is better)
- The password does not contain any personally identifying details e.g. name, birthday, college name, pet’s name, etc.
- Never use the same password for more than one account
It also doesn’t hurt to change your passwords frequently to stay ahead of the game.
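One way a system could reject weak passwords according to the rules listed above, as an added example that is not part of the original article. The minimum length of 10, the short common-password set and the function name `check_password` are assumptions made for illustration; the rule about reusing a password across accounts cannot be checked by a single system and is left out.

```python
import re

# Constructed sample of well-known weak passwords; a real deployment would
# load a much larger breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}
MIN_LENGTH = 10  # assumption: upper end of the article's "8 - 10 characters"


def check_password(password, personal_details=()):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    for detail in personal_details:
        # Skip very short tokens so that initials do not cause false alarms.
        if len(detail) >= 3 and detail.lower() in lowered:
            problems.append("contains personal detail")
            break
    return problems


if __name__ == "__main__":
    # Constructed candidates: (password, personal details known for the user)
    samples = [
        ("123456", []),
        ("Rex2015!garden", ["Rex", "Dana"]),   # pet's name inside the password
        ("vT9#mq2!Lw7z", ["Rex", "Dana"]),
    ]
    for candidate, details in samples:
        result = check_password(candidate, details)
        print(candidate, "->", "accepted" if not result else result)
```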
Use Password Managers
As mentioned in the point above, using a single password for more than one account is a big no-no. However, many people do this so as to avoid a condition known as password fatigue.
How can you encourage good password usage without wasting a lot of time with forgotten passwords? To make both sides of this equation work, introduce a password management system for your business.
This will be a single app/software that helps save all the passwords employees use for different accounts in the office. That way, they can keep all their passwords unique and never have to worry about forgetting one or the other. Chrome and Firefox include secure password management systems, or you can choose a separate app (such as LastPass) to get even more features.
Review & Revoke Access Every Month
Another common weakness hackers love to exploit is old access credentials. For example, let’s say you hire a freelance web designer to update your website. You give them admin credentials to access your website. Six months later, they give away their computer to a friend, who sells it on eBay. The new buyer scrapes the computer and sells the data they find (including your website credentials) to an offshore hacker… who hacks your website!
To avoid this type of scenario, review who has access to what in the company every month.
Some employees might have left, but their access to certain work software is yet to be revoked. There is also the chance some officers have access to some services they don’t really need e.g. receptionists don’t need access to the accounting software.
Checking access every month (and revoking unneeded access) will help eliminate potential leaks and keep the ship running tight.
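The monthly review described above can be partly automated by comparing an export of who has access against the staff roster. The following is an added example, not part of the original article; the roster, access list, role policy and 90-day staleness threshold are constructed for illustration.

```python
from datetime import date

# Constructed sample data standing in for a staff roster export.
ROSTER = {
    "alice": {"role": "accountant", "active": True},
    "bob": {"role": "receptionist", "active": True},
    "carol": {"role": "developer", "active": False},  # has left the company
}
# Constructed access list: one entry per account on each system.
ACCESS = [
    {"user": "alice", "system": "accounting", "last_used": date(2024, 5, 28)},
    {"user": "bob", "system": "accounting", "last_used": date(2024, 5, 2)},
    {"user": "carol", "system": "website-admin", "last_used": date(2024, 1, 15)},
    {"user": "freelancer-web", "system": "website-admin", "last_used": date(2023, 11, 30)},
    {"user": "bob", "system": "front-desk", "last_used": date(2024, 5, 30)},
]
# Hypothetical policy: which systems each role actually needs.
ROLE_NEEDS = {
    "accountant": {"accounting"},
    "receptionist": {"front-desk"},
    "developer": {"website-admin"},
}
STALE_AFTER_DAYS = 90  # assumption: unused this long means no longer needed


def review_access(roster, access, role_needs, today):
    """Return (user, system, reason) for every grant that should be revoked."""
    findings = []
    for grant in access:
        user, system = grant["user"], grant["system"]
        person = roster.get(user)
        if person is None:
            reason = "not on roster (external or orphaned account)"
        elif not person["active"]:
            reason = "user has left the company"
        elif system not in role_needs.get(person["role"], set()):
            reason = "role does not need this system"
        elif (today - grant["last_used"]).days > STALE_AFTER_DAYS:
            reason = "unused for more than %d days" % STALE_AFTER_DAYS
        else:
            continue  # grant is still justified
        findings.append((user, system, reason))
    return findings


if __name__ == "__main__":
    for finding in review_access(ROSTER, ACCESS, ROLE_NEEDS, date(2024, 6, 1)):
        print("REVOKE %s on %s: %s" % finding)
```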
Make Regular Backups
Important data (emails, memos, files, user details, etc.) should never be left without a backup copy somewhere.
The truth is, bad things happen – even after you have done all you can to prevent an attack. If the worst happens, you will be far better off with a backup copy.
For example, a company with a good backup policy will not feel threatened by a ransomware attack when they could just shut down the system and reboot with their backup.
There are three main areas most businesses need to back up:
- Files on local computers
- Website files and databases
- Cloud-hosted data (such as files in Dropbox or Google Drive)
Most importantly, always back up offsite. If your entire network gets corrupted by ransomware, your backup will do you no good if it was on a local computer on your network!
Diligently Use Firewalls
Every business should have properly configured and maintained firewalls to block dangerous traffic into (or out of) their networks and computers.
A firewall refers to software that monitors, filters and regulates traffic to/from computers, applications, or services that the firewall has been put around. Firewalls should be used to protect all of your computers, servers, websites, apps, software and every other thing that can get online.
With a well-configured web application firewall running, you can block vulnerability hacks like SQL injection, file inclusion, security file tampering and cross-site scripting, to mention but a few. Firewalls for your computers can block everything from malicious websites to viruses.
Use a VPN
Many people see VPNs as pieces of software used by hackers and unscrupulous individuals, but that could not be farther from the truth.
A VPN offers several security benefits. The most commonly known one is anonymity. The VPN will mask the internet traffic being generated by your company through its tunneling process. That makes it impossible for anyone listening on your internet traffic to identify that stream of data with your company.
VPNs also function as a protective layer between your company and the internet. Many top tier VPNs provide monitoring to block viruses and other threats, and a VPN can also be used to further restrict access to sensitive systems or data.
Hackers are getting smarter by the day, so you need to stay on your feet too. Following the list above and making regular maintenance checks to see if anything is going wrong (or has the potential to go wrong) will help you stay free from any cybersecurity attacks.