A guest post from Glen Lowe
In today’s business world, hackers and cyberattack threats are considered one of the leading risks for any business. According to a survey, business CEOs, brokers, insurance experts and risk managers list cyber-attacks as their biggest worry today, whereas 15 years ago cyber-attacks ranked 15th as a business risk.
The cost of ransomware is one of the greatest concerns for business executives today. These costs have rapidly increased, and so have business email attacks, also referred to as phishing attacks. Once hackers gain access to business websites and files, customer data and investor details are most at risk. This results in expensive litigation fees from clients and investors affected by the attack. For this reason, businesses are advised to ensure their cybersecurity measures are up to date.
Mergers and acquisitions can also introduce security threats. This is especially common when a company invests in a business that has poor cyber security measures or existing vulnerabilities. The investing company becomes liable for any data breach that occurred before the merger, or compromises its own systems by merging them with those of the acquired business.
Ransomware, phishing and other cyber-attacks are increasingly targeting large companies with sophisticated attacks and expensive extortion demands. Today, a typical ransomware demand can run into the millions of dollars, which is enough to bankrupt some companies.
Cyber-attacks are a growing concern for small and large businesses in the U.S. economy. In 2018, the cost of cybercrime had reached 2.7 billion dollars. Companies need to invest time and resources in protecting themselves.
How to protect your business from ransomware, phishing, and cyber-attacks
Assessing your business risk
The first thing any business owner should do to improve their cybersecurity is take the time to understand their risk of attack. This is the best way to know which area of your cyber security requires the most improvement.
Performing a cyber-security assessment is the best way to identify your business vulnerabilities, and it helps you create an action plan. Generally, the action plan should include training, advice on protecting the information assets of the business, and guidance on the safe use of email platforms.
Adopting cyber-security best practices
Training your employees
Emails and employees are the leading causes of data loss in businesses, since they are the direct paths into a business system. It is important to train employees on the best internet practices to minimize the likelihood of attacks.
The training topics for employees include:
- Good browsing practices
- How to spot a phishing email
- How to avoid suspicious downloads
- The importance of creating strong passwords
- Ways of protecting sensitive vendor and client data
Use of antivirus programs
Every computer connected to your business server should be protected with the best antivirus programs. One of the recommended antivirus programs is Bitdefender; it protects your computers from malware, spyware, and any other form of cyber-attack. Always ensure that your cyber security software is regularly updated. Most software vendors provide security patches regularly and offer updates to their programs to address new security threats. Configure your security program so that it installs updates automatically.
Secure your networks
Ensure you protect your internet connections using a firewall and encryption. When using a Wi-Fi network, create a unique password for it and use Wi-Fi protection protocols to safeguard it from hackers. You can hide your Wi-Fi network from hackers by setting up your wireless access point or router so that it does not broadcast the network name, which is referred to as the Service Set Identifier (SSID). Use a password to protect access to the router as well.
Using strong passwords
One of the easiest ways to improve your business cybersecurity is by using strong passwords for all computers and connections. Use a different password for each account to make them harder for cybercriminals to guess. The strongest passwords should include:
- At least ten characters
- At least one letter in uppercase
- At least one letter in lowercase
- A number
- A special character
Using multifactor authentication
Multifactor authentication is a process that requires a user to provide additional information to get access to a program, file or connection; usually, this is a security code sent to a mobile phone. When working with vendors, especially financial institutions, ask whether they offer multifactor authentication for their services.
Ensure data on all business computers is regularly backed up. Critical data to back up includes electronic spreadsheets, word processing documents, financial files, databases, accounts receivable and payable files, and human resource files. If possible, set up your system to back up data at least weekly, and ensure the copies are stored in the cloud or offsite.